Is Dependency Management MCP Server safe to use?

Dependency Management MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Dependency Management MCP Server?

Dependency Management MCP Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Dependency Management MCP Server?

Dependency Management MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Dependency Management MCP Server actively maintained?

Dependency Management MCP Server is less actively maintained — last commit was 124 days ago. It has 70 GitHub stars.

Dependency Management MCP Server

Official

mcp-remote

Sonatype component intelligence: versions, security analysis, and Trust Score recommendations

70 338.0k/wk 0 tools GitHub npm

No known CVEs

No license

Maintained

Last commit 124d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "discoveredServer": {
      "headers": {
        "Authorization": "Bearer <your-token>"
      },
      "httpUrl": "https://mcp.guide.sonatype.com/mcp"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/com-sonatype-dependency-management-mcp-server)](https://mcppedia.org/s/com-sonatype-dependency-management-mcp-server)

Read me

What Dependency Management MCP Server does

A Model Context Protocol (MCP) server that connects AI assistants to Sonatype's dependency management and security intelligence platform. Empower your AI coding assistant with real-time insights into open source security vulnerabilities, license compliance, and dependency health.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'mcp-remote' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

53/100across 5 weighted dimensions

How we score →

0255075100

−47

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

1 fixed

CVE-2025-6514low · fixedCVSS 3.1

mcp-remote exposed to OS command injection via untrusted MCP server connections

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL

Affected: >= 0.0.5Fixed in 0.1.16source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Dependency Management MCP Server safe to use?: Dependency Management MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Dependency Management MCP Server?: Dependency Management MCP Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Dependency Management MCP Server?: Dependency Management MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Dependency Management MCP Server actively maintained?: Dependency Management MCP Server is less actively maintained — last commit was 124 days ago. It has 70 GitHub stars.

Similar servers

Others in security / developer-tools

View all →

Supabase MCP Server97

Manage Supabase projects — databases, auth, storage, and edge functions

2.7k 4

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.7k 1

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.7k 2

Mcp Gitlab96

MCP server for using the GitLab API

1.5k 12

MCP Security Weekly

Get CVE alerts and security updates for Dependency Management MCP Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "discoveredServer": {
      "headers": {
        "Authorization": "Bearer <your-token>"
      },
      "httpUrl": "https://mcp.guide.sonatype.com/mcp"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/com-sonatype-dependency-management-mcp-server)](https://mcppedia.org/s/com-sonatype-dependency-management-mcp-server)

Read me

What Dependency Management MCP Server does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'mcp-remote' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Sonatype MCP Server

Overview

The Sonatype MCP Server enables AI assistants to access Sonatype's comprehensive dependency intelligence directly within your development workflow. By integrating with the Model Context Protocol, your AI assistant can help you make informed decisions about dependencies, identify security risks, and maintain compliance — all without leaving your IDE.

Key Features

Component Version Selection - Select the best version the first time, without the side quest
Security Vulnerability Scanning - Identify known vulnerabilities in your project dependencies
License Compliance Checking - Ensure your dependencies meet your organization's license policies
Dependency Health Analysis - Get insights into dependency quality, maintenance status, and risk factors
Real-time Security Advisories - Stay informed about the latest security threats affecting your dependencies
Remediation Guidance - Receive actionable recommendations to fix vulnerabilities and compliance issues

Prerequisites

For IDEs or tools that only support stdio MCP servers (like IntelliJ), install mcp-remote:
```
npm install -g mcp-remote
```

Setup

The Sonatype MCP Server runs as a remote MCP server. Choose the setup instructions for your IDE or AI assistant:

Gemini Code Assist

Replace <your-token> with your personal API token generated at https://guide.sonatype.com/settings/tokens

{
  "mcpServers": {
    "discoveredServer": {
      "httpUrl": "https://mcp.guide.sonatype.com/mcp",
      "headers": {
        "Authorization": "Bearer <your-token>"
      }
    }
  }
}

Claude Code

Add the server using the Claude CLI:

Replace <your-token> with your personal API token generated at https://guide.sonatype.com/settings/tokens

claude mcp add --transport http --scope user sonatype-mcp https://mcp.guide.sonatype.com/mcp --header "Authorization: Bearer <your-token>"

VS Code Copilot

Add the following configuration to your global VS Code mcp.json or create a .vscode/mcp.json file in your workspace:

Replace <your-token> with your personal API token generated at https://guide.sonatype.com/settings/tokens

{
  "servers": {
		"sonatype-mcp": {
			"url": "https://mcp.guide.sonatype.com/mcp",
			"type": "http",
			"headers": {
				"Authorization": "Bearer <your-token>"
			}
		}
	}
}

Windsurf

Create or edit ~/.codeium/windsurf/mcp_config.json:

Replace <your-token> with your personal API token generated at https://guide.sonatype.com/settings/tokens

{
  "mcpServers": {
    "sonatype-mcp": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://mcp.guide.sonatype.com/mcp",
        "--header",
        "Authorization: Bearer <your-token>"
      ]
    }
  }
}

IntelliJ with Junie

Global Scope: Go to IDE settings → Tools → Junie → MCP Settings. Click "+" and add:

Project Scope: Create .junie/mcp/.mcp.json in your project root:

Replace <your-token> with your personal API token generated at https://guide.sonatype.com/settings/tokens

{
  "mcpServers": {
    "sonatype-mcp": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://mcp.guide.sonatype.com/mcp",
        "--header",
        "Authorization: Bearer <your-token>"
      ]
    }
  }
}

Kiro

Create or edit ~/.kiro/settings/mcp.json:

Replace <your-token> with your personal API token generated at https://guide.sonatype.com/settings/tokens

{
  "mcpServers": {
    "sonatype-mcp": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://mcp.guide.sonatype.com/mcp",
        "--h

... [View full README on GitHub](https://github.com/sonatype/dependency-management-mcp-server#readme)

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

53/100across 5 weighted dimensions

How we score →

0255075100

−47

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

1 fixed

CVE-2025-6514low · fixedCVSS 3.1

mcp-remote exposed to OS command injection via untrusted MCP server connections

mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL

Affected: >= 0.0.5Fixed in 0.1.16source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Dependency Management MCP Server safe to use?: Dependency Management MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Dependency Management MCP Server?: Dependency Management MCP Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Dependency Management MCP Server?: Dependency Management MCP Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Dependency Management MCP Server actively maintained?: Dependency Management MCP Server is less actively maintained — last commit was 124 days ago. It has 70 GitHub stars.