@aegis-scan/mcp-server 0.18.8 → 0.18.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +3 -3
  2. package/sbom.cdx.json +1 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aegis-scan/mcp-server",
3
- "version": "0.18.8",
3
+ "version": "0.18.9",
4
4
  "description": "AEGIS MCP server — exposes scan / findings / score / compliance / fix-suggestion tools to any Model Context Protocol agent (Claude Code, Cursor, Continue, Zed). Five registered tools: aegis_scan, aegis_findings, aegis_score, aegis_compliance, aegis_fix_suggestion.",
5
5
  "license": "MIT",
6
6
  "author": "RideMatch1 <230386010+RideMatch1@users.noreply.github.com>",
@@ -47,8 +47,8 @@
47
47
  "dependencies": {
48
48
  "@modelcontextprotocol/sdk": "^1.0.0",
49
49
  "zod": "^3.23.0",
50
- "@aegis-scan/core": "0.18.8",
51
- "@aegis-scan/scanners": "0.18.8"
50
+ "@aegis-scan/core": "0.18.9",
51
+ "@aegis-scan/scanners": "0.18.9"
52
52
  },
53
53
  "devDependencies": {
54
54
  "@types/node": "^22.0.0",
package/sbom.cdx.json CHANGED
@@ -1 +1 @@
1
- {"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:310b7e75-db82-4908-b223-5676f5878309","version":1,"metadata":{"timestamp":"2026-05-12T09:28:06Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"mcp-server","group":"@aegis-scan","version":"0.18.8","description":"AEGIS MCP server — exposes scan / findings / score / compliance / fix-suggestion tools to any Model Context Protocol agent (Claude Code, Cursor, Continue, Zed). Five registered tools: aegis_scan, aegis_findings, aegis_score, aegis_compliance, aegis_fix_suggestion.","purl":"pkg:npm/%40aegis-scan/mcp-server@0.18.8","bom-ref":"pkg:npm/@aegis-scan/mcp-server@0.18.8","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@aegis-scan\\n@modelcontextprotocol\\n@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/mcp-server/node_modules/@aegis-scan/core/package.json\\npackages/mcp-server/node_modules/@aegis-scan/scanners/package.json\\npackages/mcp-server/node_modules/@modelcontextprotocol/sdk/package.json\\npackages/mcp-server/node_modules/@types/node/package.json\\npackages/mcp-server/node_modules/typescript/package.json\\npackages/mcp-server/node_modules/vitest/package.json\\npackages/mcp-server/node_modules/zod/package.json"}]},"components":[{"authors":[{"name":"Colin McDonnell <zod@colinhacks.com>"}],"group":"","name":"zod","version":"3.25.76","description":"TypeScript-first schema declaration and validation library with static type inference","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/zod@3.25.76","externalReferences":[{"type":"website","url":"https://zod.dev"},{"type":"vcs","url":"git+https://github.com/colinhacks/zod.git"}],"type":"library","bom-ref":"pkg:npm/zod@3.25.76","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/zod/package.json"},{"name":"ImportedModules","value":"zod,zod/z"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/zod/package.json"}],"concludedValue":"packages/mcp-server/node_modules/zod/package.json"}],"occurrences":[{"location":"dist/index.js#7"},{"location":"src/index.ts#7"}]},"tags":["validation"]},{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/vitest/package.json"}],"concludedValue":"packages/mcp-server/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/typescript/package.json"}],"concludedValue":"packages/mcp-server/node_modules/typescript/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/@types/node/package.json"}],"concludedValue":"packages/mcp-server/node_modules/@types/node/package.json"}]}},{"authors":[{"name":"Anthropic"},{"name":" PBC (https://anthropic.com)"}],"group":"@modelcontextprotocol","name":"sdk","version":"1.29.0","description":"Model Context Protocol implementation for TypeScript","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40modelcontextprotocol/sdk@1.29.0","externalReferences":[{"type":"website","url":"https://modelcontextprotocol.io"},{"type":"vcs","url":"git+https://github.com/modelcontextprotocol/typescript-sdk.git"}],"type":"library","bom-ref":"pkg:npm/@modelcontextprotocol/sdk@1.29.0","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/@modelcontextprotocol/sdk/package.json"},{"name":"ImportedModules","value":"@modelcontextprotocol/sdk/server/mcp.js,McpServer,@modelcontextprotocol/sdk/server/mcp.js/McpServer,@modelcontextprotocol/sdk/server/stdio.js,StdioServerTransport,@modelcontextprotocol/sdk/server/stdio.js/StdioServerTransport"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/@modelcontextprotocol/sdk/package.json"}],"concludedValue":"packages/mcp-server/node_modules/@modelcontextprotocol/sdk/package.json"}],"occurrences":[{"location":"dist/index.js#5"},{"location":"src/index.ts#5"},{"location":"dist/index.js#6"},{"location":"src/index.ts#6"}]}},{"authors":[{"name":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>"}],"group":"@aegis-scan","name":"scanners","version":"0.18.8","description":"AEGIS scanner registry — 41 built-in regex checkers + 1 AST cross-file taint analyzer + 20 external-tool wrappers (16 SAST/DAST: Semgrep, Gitleaks, Trivy, ZAP, …; +1 passive subdomain-recon: Subfinder; +3 LLM-agent pentest: Strix, PTAI, Pentest-Swarm-AI — pentest-mode-only). Framework-specific security rules for Next.js + Supabase: multi-tenant isolation, RLS bypass, Zod enforcement, RSC data leaks, and more.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40aegis-scan/scanners@0.18.8","externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}],"type":"framework","bom-ref":"pkg:npm/@aegis-scan/scanners@0.18.8","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/@aegis-scan/scanners/package.json"},{"name":"ImportedModules","value":"@aegis-scan/scanners,getAllScanners,@aegis-scan/scanners/getAllScanners"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/@aegis-scan/scanners/package.json"}],"concludedValue":"packages/mcp-server/node_modules/@aegis-scan/scanners/package.json"}],"occurrences":[{"location":"dist/handlers.js#2"},{"location":"src/handlers.ts#2"}]},"tags":["framework","security"]},{"authors":[{"name":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>"}],"group":"@aegis-scan","name":"core","version":"0.18.8","description":"AEGIS core engine — orchestrator, scoring (0-1000), config loader with Zod-strict schema, suppression filter, shared types + utilities. The foundation of the AEGIS security-scanner suite for Next.js + Supabase.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40aegis-scan/core@0.18.8","externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}],"type":"library","bom-ref":"pkg:npm/@aegis-scan/core@0.18.8","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/@aegis-scan/core/package.json"},{"name":"ImportedModules","value":"@aegis-scan/core,loadConfig,@aegis-scan/core/loadConfig,Orchestrator,@aegis-scan/core/Orchestrator,AuditResult,@aegis-scan/core/AuditResult,Finding,@aegis-scan/core/Finding"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/@aegis-scan/core/package.json"}],"concludedValue":"packages/mcp-server/node_modules/@aegis-scan/core/package.json"}],"occurrences":[{"location":"dist/handlers.js#1"},{"location":"src/handlers.ts#1"},{"location":"src/handlers.ts#3"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/mcp-server@0.18.8"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-05-12T09:28:06Z","text":"This Software Bill-of-Materials (SBOM) document was created on Tuesday, May 12, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'mcp-server' with version '0.18.8'. The package type in this SBOM is npm with 3 purl namespaces described under components. The components were identified from 7 source files."}]}
1
+ {"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:594b4ac0-c9bd-42f5-a4fa-62829a845880","version":1,"metadata":{"timestamp":"2026-05-12T15:59:00Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"mcp-server","group":"@aegis-scan","version":"0.18.9","description":"AEGIS MCP server — exposes scan / findings / score / compliance / fix-suggestion tools to any Model Context Protocol agent (Claude Code, Cursor, Continue, Zed). Five registered tools: aegis_scan, aegis_findings, aegis_score, aegis_compliance, aegis_fix_suggestion.","purl":"pkg:npm/%40aegis-scan/mcp-server@0.18.9","bom-ref":"pkg:npm/@aegis-scan/mcp-server@0.18.9","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@aegis-scan\\n@modelcontextprotocol\\n@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/mcp-server/node_modules/@aegis-scan/core/package.json\\npackages/mcp-server/node_modules/@aegis-scan/scanners/package.json\\npackages/mcp-server/node_modules/@modelcontextprotocol/sdk/package.json\\npackages/mcp-server/node_modules/@types/node/package.json\\npackages/mcp-server/node_modules/typescript/package.json\\npackages/mcp-server/node_modules/vitest/package.json\\npackages/mcp-server/node_modules/zod/package.json"}]},"components":[{"authors":[{"name":"Colin McDonnell <zod@colinhacks.com>"}],"group":"","name":"zod","version":"3.25.76","description":"TypeScript-first schema declaration and validation library with static type inference","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/zod@3.25.76","externalReferences":[{"type":"website","url":"https://zod.dev"},{"type":"vcs","url":"git+https://github.com/colinhacks/zod.git"}],"type":"library","bom-ref":"pkg:npm/zod@3.25.76","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/zod/package.json"},{"name":"ImportedModules","value":"zod,zod/z"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/zod/package.json"}],"concludedValue":"packages/mcp-server/node_modules/zod/package.json"}],"occurrences":[{"location":"dist/index.js#7"},{"location":"src/index.ts#7"}]},"tags":["validation"]},{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/vitest/package.json"}],"concludedValue":"packages/mcp-server/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/typescript/package.json"}],"concludedValue":"packages/mcp-server/node_modules/typescript/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/@types/node/package.json"}],"concludedValue":"packages/mcp-server/node_modules/@types/node/package.json"}]}},{"authors":[{"name":"Anthropic"},{"name":" PBC (https://anthropic.com)"}],"group":"@modelcontextprotocol","name":"sdk","version":"1.29.0","description":"Model Context Protocol implementation for TypeScript","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40modelcontextprotocol/sdk@1.29.0","externalReferences":[{"type":"website","url":"https://modelcontextprotocol.io"},{"type":"vcs","url":"git+https://github.com/modelcontextprotocol/typescript-sdk.git"}],"type":"library","bom-ref":"pkg:npm/@modelcontextprotocol/sdk@1.29.0","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/@modelcontextprotocol/sdk/package.json"},{"name":"ImportedModules","value":"@modelcontextprotocol/sdk/server/mcp.js,McpServer,@modelcontextprotocol/sdk/server/mcp.js/McpServer,@modelcontextprotocol/sdk/server/stdio.js,StdioServerTransport,@modelcontextprotocol/sdk/server/stdio.js/StdioServerTransport"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/@modelcontextprotocol/sdk/package.json"}],"concludedValue":"packages/mcp-server/node_modules/@modelcontextprotocol/sdk/package.json"}],"occurrences":[{"location":"dist/index.js#5"},{"location":"src/index.ts#5"},{"location":"dist/index.js#6"},{"location":"src/index.ts#6"}]}},{"authors":[{"name":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>"}],"group":"@aegis-scan","name":"scanners","version":"0.18.9","description":"AEGIS scanner registry — 41 built-in regex checkers + 1 AST cross-file taint analyzer + 20 external-tool wrappers (16 SAST/DAST: Semgrep, Gitleaks, Trivy, ZAP, …; +1 passive subdomain-recon: Subfinder; +3 LLM-agent pentest: Strix, PTAI, Pentest-Swarm-AI — pentest-mode-only). Framework-specific security rules for Next.js + Supabase: multi-tenant isolation, RLS bypass, Zod enforcement, RSC data leaks, and more.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40aegis-scan/scanners@0.18.9","externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}],"type":"framework","bom-ref":"pkg:npm/@aegis-scan/scanners@0.18.9","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/@aegis-scan/scanners/package.json"},{"name":"ImportedModules","value":"@aegis-scan/scanners,getAllScanners,@aegis-scan/scanners/getAllScanners"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/@aegis-scan/scanners/package.json"}],"concludedValue":"packages/mcp-server/node_modules/@aegis-scan/scanners/package.json"}],"occurrences":[{"location":"dist/handlers.js#2"},{"location":"src/handlers.ts#2"}]},"tags":["framework","security"]},{"authors":[{"name":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>"}],"group":"@aegis-scan","name":"core","version":"0.18.9","description":"AEGIS core engine — orchestrator, scoring (0-1000), config loader with Zod-strict schema, suppression filter, shared types + utilities. The foundation of the AEGIS security-scanner suite for Next.js + Supabase.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40aegis-scan/core@0.18.9","externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}],"type":"library","bom-ref":"pkg:npm/@aegis-scan/core@0.18.9","properties":[{"name":"SrcFile","value":"packages/mcp-server/node_modules/@aegis-scan/core/package.json"},{"name":"ImportedModules","value":"@aegis-scan/core,loadConfig,@aegis-scan/core/loadConfig,Orchestrator,@aegis-scan/core/Orchestrator,AuditResult,@aegis-scan/core/AuditResult,Finding,@aegis-scan/core/Finding"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/mcp-server/node_modules/@aegis-scan/core/package.json"}],"concludedValue":"packages/mcp-server/node_modules/@aegis-scan/core/package.json"}],"occurrences":[{"location":"dist/handlers.js#1"},{"location":"src/handlers.ts#1"},{"location":"src/handlers.ts#3"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/mcp-server@0.18.9"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-05-12T15:59:00Z","text":"This Software Bill-of-Materials (SBOM) document was created on Tuesday, May 12, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'mcp-server' with version '0.18.9'. The package type in this SBOM is npm with 3 purl namespaces described under components. The components were identified from 7 source files."}]}