maheshkumargangula/blackduck-mcp
MCP server for Black Duck SCA — lets AI assistants (Claude, Cursor, VS Code) check component vulnerabilities and find safe upgrade paths
Platform-specific configuration:
{
"mcpServers": {
"blackduck-mcp": {
"command": "npx",
"args": [
"-y",
"blackduck-mcp"
]
}
}
}Add the config above to .claude/settings.json under the mcpServers key.
> MCP server for Black Duck Software Composition Analysis — lets AI assistants (Claude, Cursor, VS Code) query component vulnerabilities and find safe upgrade paths.
---
git clone https://github.com/maheshkumargangula/blackduck-mcp.git
cd blackduck-mcp
npm install && npm run buildThen wire it into your MCP client (see Integration below).
---
MCP Client (Claude / Cursor / VS Code)
|
| MCP Protocol (stdio)
v
┌─────────────────────────────────┐
│ blackduck-mcp │
│ │
│ src/index.ts ← tool registry │
│ │ │
│ ├── search_component │
│ ├── list_component_vers. │
│ ├── get_version_vulns │
│ ├── get_upgrade_guidance │
│ └── analyze_component ──────── (orchestrator)
│ │ │
│ src/client.ts │
│ (auth + retry + API mapping) │
└─────────────┬───────────────────┘
│
│ HTTPS REST
v
┌─────────────────────────────────┐
│ Black Duck Server │
│ POST /api/tokens/authenticate │
│ GET /api/search/kb-components│
│ GET .../versions │
│ GET .../vulnerabilities │
│ GET .../upgrade-guidance │
└─────────────────────────────────┘analyze_component is the high-level orchestrator. It calls the other four API methods in sequence: search → version lookup → vulnerability check → upgrade guidance.
---
URL global required)Loading reviews...