SBOM for VS Code by SBOMApp!

“AI wrote the code – now audit what’s inside”

SBOM MCP Server - SBOMApp MCP Server brings software supplychain security assistant inside VS Code. With a simple natural language prompt, developers can instantly generate SBOMs (SPDX/CycloneDX), scan for CVEs, Verify Licence Compliance, and get actionable remediation guidance.

No switching tools, no manual scripts, everything happens right inside your editor, keeping you fast, secure, and focused.

Why teams choose SBOMApp MCP:

Endtoend visibility: Build complete SBOMs (including transitive deps) from local workspaces or Git repos, then attach them to builds and releases.

Actionable security: Run vulnerability scans, drill into CVE details, and get fix versions and upgrade paths.

License clarity: Identify copyleft and other risky licenses early with auditfriendly summaries.

Copilot + MCP native: Works naturally in Agent Mode, so prompts like “generate sbom”, “scan vulnerabilities” 

Frictionless onboarding: Start with a 7day free trial or connect your enterprise server using secure tokens stored by VS Code.

Designed for securityminded engineering orgs: Whether you’re shipping regulated software, hardening your SDLC, or preparing for customer SBOM requests, SBOMApp MCP delivers the SBOM, CVE, and license insights your teams need

Absolute Privacy Guarantee!

We don’t store your code, your SBOMs, your dependencies, or any project data — ever. Only your email (for free trial) and API token are stored securely. Everything else stays completely on your machine.

SBOMApp MCP Server

Connect to a remote SBOM MCP Server to perform software bill of materials analysis, vulnerability scanning, opensource license details and dependency management.

Quick Start Guide

Step 1: Install the Extension

1. Open VS Code
2. Go to Extensions (Ctrl+Shift+X or Cmd+Shift+X on Mac)
3. Search for "SBOMApp MCP Server"
4. Click Install

Or install directly from the VS Code Marketplace

Step 2: Free Trial - Get Started Instantly!

New users get a FREE 90-day trial with 100 Tokens - no credit card required!

Automatic Trial Registration:

1. Install the extension
2. On first launch, you'll be prompted to start your free trial
3. Enter your email address
4. Your API key is automatically configured - you're ready to go!

Simple steps to Activate Trial!

prerequisites : Visual Studio Code should be Installed with langauage Models enabled.

• Click on the SBOM MCP status bar!

• Click on the start free trial option,

• Click on th start free trial popup,

• Enter your official email-id & click Enter,

• After sucessful Registration, you will get the trial activation notification!

• Reload the Window using the command "CTRL+SHIFT+P" or click "Command Palette" and Select "Developer:Reload Window" to Refresh the MCP Server!

Trial Features:

Upgrade to Pro:

When your trial expires or tokens are exhausted, upgrade at: https://payment.sbomapp.com or https://sbomapp.com

Manual Configuration (Enterprise Users):

If you have a license key from your administrator:

1. Press Ctrl+Shift+P → "SBOMApp: Configure Remote Server"
2. Enter your Server URL: https://mcp.sbomapp.com/mcp
3. Enter your API Key

Step 3: Test the Connection

1. Press Ctrl+Shift+P again
2. Type "SBOMApp: Test Connection" and press Enter
3. You should see a success message with available tools count

Step 4: Restart the VS code.

Mandatory step! Once credentials and connections are tested, Kindly restart the VS Code.

Step 5: Start Using "@sbomapp" in chat box

Once

... View full README on GitHub