ossf_scorecard_trend_analyzer
Active
Tool of @gapup/mcp-knowledge
As a CTO, analyze OSSF Scorecard trends for your top 10-50 dependencies to identify security regressions or deteriorating project health. Input GitHub repository names (owner/repo), get structured trend data including score deltas, check failures, and risk flags. Uses OSSF Scorecard API and GitHub Archive for historical context. Ideal for proactive dependency management and risk assessment.
Parameters schema
{
  "type": "object",
  "required": [
    "repositories"
  ],
  "properties": {
    "async": {
      "type": "boolean",
      "description": "If true, returns a job_id immediately (<200ms) instead of waiting for the result. Poll the result with job_result(job_id). Use for slow tools to avoid client timeouts."
    },
    "lookbackDays": {
      "type": "number",
      "default": 30,
      "maximum": 90,
      "minimum": 7,
      "description": "Number of days to analyze trends for"
    },
    "repositories": {
      "type": "array",
      "items": {
        "type": "string",
        "pattern": "^[a-zA-Z0-9-]+/[a-zA-Z0-9-_.]+$"
      },
      "maxItems": 50,
      "minItems": 1,
      "description": "List of GitHub repositories in owner/repo format"
    },
    "minScoreThreshold": {
      "type": "number",
      "default": 5,
      "maximum": 10,
      "minimum": 0,
      "description": "Minimum acceptable score to flag as risky"
    }
  }
}
No endpoints wrapped at confidence ≥ 0.50.
Parent server
@gapup/mcp-knowledge
https://github.com/getgapup/gapup-mcp
2/7 registries