com.sonatype/dependency-management-mcp-server

Sonatype component intelligence: versions, security analysis, and Trust Score recommendations

# Sonatype MCP Server

A Model Context Protocol (MCP) server that connects AI assistants to Sonatype's dependency management and security intelligence platform. Empower your AI coding assistant with real-time insights into open source security vulnerabilities, license compliance, and dependency health.

## Overview

The Sonatype MCP Server enables AI assistants to access Sonatype's comprehensive dependency intelligence directly within your development workflow. By integrating with the Model Context Protocol, your AI assistant can help you make informed decisions about dependencies, identify security risks, and maintain compliance — all without leaving your IDE.

## Key Features

- **Component Version Selection** - Select the best version the first time, without the side quest
- **Security Vulnerability Scanning** - Identify known vulnerabilities in your project dependencies
- **License Compliance Checking** - Ensure your dependencies meet your organization's license policies
- **Dependency Health Analysis** - Get insights into dependency quality, maintenance status, and risk factors
- **Real-time Security Advisories** - Stay informed about the latest security threats affecting your dependencies
- **Remediation Guidance** - Receive actionable recommendations to fix vulnerabilities and compliance issues

## Prerequisites

- For IDEs or tools that only support stdio MCP servers (like IntelliJ), install `mcp-remote`:
  ```bash
  npm install -g mcp-remote
  ```

## Setup

The Sonatype MCP Server runs as a remote MCP server. Choose the setup instructions for your IDE or AI assistant:

### Gemini Code Assist

Replace `<your-token>` with your personal API token generated at https://guide.sonatype.com/settings/tokens

```json
{
  "mcpServers": {
    "discoveredServer": {
      "httpUrl": "https://mcp.guide.sonatype.com/mcp",
      "headers": {
        "Authorization": "Bearer <your-token>"
      }
    }
  }
}
```

### Claude Code

Add the server using the Claude CLI:

Replace `<your-token>` with your personal API token generated at https://guide.sonatype.com/settings/tokens

```bash
claude mcp add --transport http --scope user sonatype-mcp https://mcp.guide.sonatype.com/mcp --header "Authorization: Bearer <your-token>"
```

### VS Code Copilot

Add the following configuration to your global VS Code `mcp.json` or create a `.vscode/mcp.json` file in your workspace:

Replace `<your-token>` with your personal API token generated at https://guide.sonatype.com/settings/tokens

```json
{
  "servers": {
    "sonatype-mcp": {
      "url": "https://mcp.guide.sonatype.com/mcp",
      "type": "http",
      "headers": {
        "Authorization": "Bearer <your-token>"
      }
    }
  }
}
```

### Windsurf

Create or edit `~/.codeium/windsurf/mcp_config.json`:

Replace `<your-token>` with your personal API token generated at https://guide.sonatype.com/settings/tokens

```json
{
  "mcpServers": {
    "sonatype-mcp": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://mcp.guide.sonatype.com/mcp",
        "--header",
        "Authorization: Bearer <your-token>"
      ]
    }
  }
}
```

### IntelliJ with Junie

**Global Scope:** Go to IDE settings → Tools → Junie → MCP Settings. Click "+" and add:

**Project Scope:** Create `.junie/mcp/.mcp.json` in your project root:

Replace `<your-token>` with your personal API token generated at https://guide.sonatype.com/settings/tokens

```json
{
  "mcpServers": {
    "sonatype-mcp": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://mcp.guide.sonatype.com/mcp",
        "--header",
        "Authorization: Bearer <your-token>"
      ]
    }
  }
}
```

### Kiro

Create or edit `~/.kiro/settings/mcp.json`:

Replace `<your-token>` with your personal API token generated at https://guide.sonatype.com/settings/tokens

```json
{
  "mcpServers": {
    "sonatype-mcp": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://mcp.guide.sonatype.com/mcp",
        "--header",
        "Authorization: Bearer <your-token>"
      ]
    }
  }
}
```

### Cursor

Cursor supports remote servers directly. Add to your `~/.cursor/mcp.json`:

Replace `<your-token>` with your personal API token generated at https://guide.sonatype.com/settings/tokens

```json
{
  "mcpServers": {
    "sonatype-mcp": {
      "type": "http",
      "url": "https://mcp.guide.sonatype.com/mcp",
      "headers": {
        "Authorization": "Bearer <your-token>"
      }
    }
  }
}
```
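
The JSON configurations above place the bearer token in the file itself, and two of them (`.vscode/mcp.json` and `.junie/mcp/.mcp.json`) live inside the project tree where they can end up in version control. The check below is an added example, not part of Sonatype's README: it flags server entries whose token is a literal value in either configuration shape. The function names, the sample server names and the rule that `${...}` marks a variable reference are assumptions of this example.

```python
import json
import re

PLACEHOLDER = "<your-token>"  # the README's placeholder, safe to commit
# Assumption: a value of the form ${...} is a client-side variable reference, not a secret.
VAR_REF = re.compile(r"^\$\{[^}]+\}$")
BEARER_ARG = re.compile(r"^Authorization:\s*Bearer\s+(.+)$", re.IGNORECASE)

# Constructed sample: server names and the token value are made up for this example.
SAMPLE = json.dumps({
    "mcpServers": {
        "http-literal": {"url": "https://mcp.guide.sonatype.com/mcp",
                         "headers": {"Authorization": "Bearer CONSTRUCTED-EXAMPLE-TOKEN"}},
        "stdio-literal": {"command": "npx",
                          "args": ["mcp-remote", "https://mcp.guide.sonatype.com/mcp",
                                   "--header", "Authorization: Bearer CONSTRUCTED-EXAMPLE-TOKEN"]},
        "template": {"url": "https://mcp.guide.sonatype.com/mcp",
                     "headers": {"Authorization": "Bearer <your-token>"}},
    }
})


def is_literal(token):
    token = token.strip()
    return bool(token) and token != PLACEHOLDER and not VAR_REF.match(token)


def hardcoded_token_servers(config_text):
    """Return the names of server entries whose bearer token is a literal value."""
    config = json.loads(config_text)
    # The README uses "mcpServers" for most clients and "servers" for VS Code.
    servers = {**config.get("mcpServers", {}), **config.get("servers", {})}
    flagged = []
    for name, entry in servers.items():
        tokens = []
        # Shape 1: direct HTTP entry with a "headers" object.
        for key, value in entry.get("headers", {}).items():
            if key.lower() == "authorization" and value.lower().startswith("bearer "):
                tokens.append(value[len("bearer "):])
        # Shape 2: mcp-remote started through npx, header passed after "--header".
        args = entry.get("args", [])
        for flag, value in zip(args, args[1:]):
            match = BEARER_ARG.match(value) if flag == "--header" else None
            if match:
                tokens.append(match.group(1))
        if any(is_literal(t) for t in tokens):
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    print(hardcoded_token_servers(SAMPLE))
```

Run it over the contents of each MCP configuration file before committing; an empty list means no entry carries a literal token.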

### Codex (IDE Plugin & CLI)

For both methods below, define an environment variable `SONATYPE_GUIDE_MCP_TOKEN` holding your personal API token generated at https://guide.sonatype.com/settings/tokens.

**Method 1:** Use the CLI command:

```bash
codex mcp add sonatype-mcp --url https://mcp.guide.sonatype.com/mcp --bearer-token-env-var SONATYPE_GUIDE_MCP_TOKEN
```

**Method 2:** Create or edit `~/.codex/config.toml`:

```toml
[mcp_servers.sonatype-mcp]
url = "https://mcp.guide.sonatype.com/mcp"
bearer_token_env_var = "SONATYPE_GUIDE_M