security_audit_sbom_continuous
Active
Tool of DataNexus MCP
Persistent SBOM watch. Register once, check anytime for new CVEs affecting your dependency snapshot. Silent permanent watch — CycloneDX and SPDX supported. Uses OSV.dev for vulnerability lookup, Redis for persistence with 90-day TTL. Supports CycloneDX 1.4/1.5 and SPDX 2.3 JSON. Input size limit: 500 KB. Returns go_no_go signal on register; new_findings on check. Rate limit: 10/minute. No auth required. For DevSecOps teams monitoring production dependency exposure. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_audit_sbom_continuous", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".
Parameters schema
{
  "type": "object",
  "required": [
    "sbom",
    "watch_id",
    "action"
  ],
  "properties": {
    "sbom": {
      "type": "string",
      "description": "CycloneDX or SPDX SBOM as JSON string. Required for register action."
    },
    "action": {
      "enum": [
        "register",
        "check",
        "deregister"
      ],
      "type": "string",
      "description": "Action: register, check, or deregister the SBOM watch. Required."
    },
    "watch_id": {
      "type": "string",
      "description": "Unique watch identifier for this SBOM watch. Required."
    }
  },
  "additionalProperties": false
}
No endpoints wrapped at confidence ≥ 0.50.
Parent server
DataNexus MCP
1/7 registries