Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Schema
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| get_ecosystems | Get all supported ecosystems. An ecosystem is a package manager or repository for a specific language.
Returns:
Dictionary of ecosystems with the key being the ecosystem name and the value being the programming language / OS.
To use the ecosystem name in the query_package_cve function, you must use the exact ecosystem name as it is in the dictionary. |
| query_package_cve | Query the OSV database for a package and return the CVE ID.
You can use this tool to get the CVE ID for a package.
ALWAYS use it before installing packages to check if the package is vulnerable. For example in requirements.txt, pyproject.toml, uv.lock, etc.
You can also use it to check if the package is vulnerable before updating the package.
Args:
package: The package name to query
version: The version of the package to query, can be None if you want to query all versions
ecosystem: The ecosystem of the package to query, can be None if you want to query all ecosystems.
* For supported ecosystems, see the get_ecosystems tool.
Returns:
A list of CVE IDs |
| query_for_cve_affected | Query the OSV database for a CVE and return the affected versions.
Args:
cve: The CVE ID to query
Returns:
A list of affected versions |
| query_for_cve_fix_versions | Query the OSV database for a CVE and return the fix versions.
Args:
cve: The CVE ID to query
Returns:
A list of fix versions |