You're viewing a demo portfolio

Join the waitlist
PRSM

security_audit_sbom_license_policy

Active

Tool of DataNexus MCP

declared in 3.4.2

Audit a CycloneDX or SPDX SBOM against an SPDX licence policy and return a PASS/WARN/BLOCK verdict. sbom: Full SBOM as a JSON string — CycloneDX or SPDX format. Required. 500 KB max. policy: Optional dict with block/warn/allow arrays of exact SPDX licence identifiers (e.g. GPL-3.0, MIT). Defaults to block GPL-3.0 and AGPL-3.0, warn LGPL-2.1/MPL-2.0/BSD-4-Clause, allow MIT/Apache-2.0/BSD-2-Clause/BSD-3-Clause. No glob patterns — exact SPDX IDs only. Unlisted licences default to WARN. Returns verdict (PASS/WARN/BLOCK), blocked_packages, warned_packages, and the policy applied. Use security_audit_sbom_vulnerabilities for CVE auditing instead. Sources: deps.dev (Google). 1-hour cache per package. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_audit_sbom_license_policy", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".

Parameters schema

{
  "type": "object",
  "required": [
    "sbom"
  ],
  "properties": {
    "sbom": {
      "type": "string",
      "description": "CycloneDX or SPDX SBOM as JSON string. Required. 500 KB max."
    },
    "policy": {
      "anyOf": [
        {
          "type": "object",
          "additionalProperties": true
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "description": "Policy dict with block/warn/allow arrays of SPDX licence IDs. Optional."
    }
  },
  "additionalProperties": false
}

What this tool wraps· 0 endpoints

min confidence0.700.50

No endpoints wrapped at confidence ≥ 0.70.

Parent server

DataNexus MCP

1/7 registries
View full server →
security_audit_sbom_license_policy — DataNexus MCP — PRSM MCP