feat: OSV-Scanner MCP server #2256
Conversation
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## mcp #2256 +/- ##
==========================================
- Coverage 67.46% 67.04% -0.42%
==========================================
Files 169 172 +3
Lines 16386 16491 +105
==========================================
+ Hits 11055 11057 +2
- Misses 4655 4756 +101
- Partials 676 678 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
/gemini |
go.mod
Outdated
| github.com/google/osv-scalibr v0.3.4 | ||
| github.com/ianlancetaylor/demangle v0.0.0-20250628045327-2d64ad6b7ec5 | ||
| github.com/jedib0t/go-pretty/v6 v6.6.8 | ||
| github.com/mark3labs/mcp-go v0.41.1 |
There was a problem hiding this comment.
Scorecard is looking into a MCP server as well, is there a reason you went with this library? We had been looking at the official SDK ( partly maintained by the Go team)?
https://github.com/modelcontextprotocol/go-sdk
I haven't personally looked at alternatives, so I'm just trying to avoid redoing any analysis that may have already been done.
There was a problem hiding this comment.
I haven't looked too much into the different mcp libraries, I mostly picked go-mcp as it was the most popular by stars, and was not aware that there is an official one.
But what I found during implementation is that it really doesn't matter too much the mcp library being used, the actual part interfacing with the mcp library is quite minimal, so it should be very easy to switch between different libraries. I might switch to use go-sdk as it looks like an evolution of the go-mcp library that's more officially supported.
another-rex
force-pushed
the
scanner-mcp
branch
from
a969978 to
fdfbc31
Compare
3 participants
Basic MVP of an osv-scanner MCP server fulfilling workflow 1. Directly vulnerability scanning of a project with prioritisation.