FOSSA (License Compliance)

FOSSA (License Compliance) MCP Connector for Claude


Manage license compliance and security vulnerabilities via FOSSA — list projects, inspect revisions, and track dependencies directly from your AI agent.

6 tools · Official Vinkius Partner · Updated Jun 28, 2026

Connect your FOSSA account to any AI agent to automate open-source license compliance and security auditing through natural language.

What you can do

  • Project Overview — List all projects in your organization with support for filtering and pagination.
  • Revision Tracking — Access specific project revisions and fetch detailed metadata for any version locator.
  • Dependency Analysis — Deep-dive into the dependency tree of any revision to understand your software bill of materials (SBOM).
  • Impact Assessment — Identify every parent project that contains a specific vulnerable or non-compliant dependency.
  • Vulnerability Scanning — Check for security vulnerabilities across multiple dependency locators in a single query.

How it works

  1. Subscribe to this server
  2. Enter your FOSSA API Token
  3. Start auditing your software supply chain from Claude, Cursor, or any MCP client

Who is this for?

  • Security Engineers — quickly identify where vulnerable packages are used across the entire organization.
  • Legal & Compliance Teams — audit project revisions for license compliance without manually navigating the FOSSA UI.
  • DevOps & Architects — verify dependency trees and project metadata directly from the terminal or code editor.

Tags: open-source, license-compliance, vulnerability-scanning, dependency-management, software-audit

6 tools expose this connector's capabilities to your AI agent.

check_vulnerabilities

Check vulnerabilities by dependency locators. Uses a POST request but only reads data.

get_revision

Get details for a specific revision

get_parent_projects

Get parent projects containing a dependency

list_projects

List all projects in your organization. Supports filtering and pagination.

get_revision_dependencies

Get dependencies for a specific revision

list_revisions

List revisions of a project

See how to talk to your AI agent using FOSSA (License Compliance).

List all projects in my FOSSA organization named 'DocsExample'.

I've found the project: 'custom+27932/DocsExample'. Would you like to see its recent revisions or check for vulnerabilities?

Check for vulnerabilities in npm+ssh2$0.6.1 and npm+coa$2.0.2.

I've analyzed those locators. 'npm+ssh2$0.6.1' has 2 critical vulnerabilities related to command injection. 'npm+coa$2.0.2' is currently clear of known vulnerabilities in the FOSSA database.

Which projects are using the dependency npm+coa$2.0.2?

The dependency 'npm+coa$2.0.2' is found in 3 parent projects: 'Core-API', 'Frontend-Dashboard', and 'Legacy-Auth-Service'.

Yes. Use the `get_parent_projects` tool with the dependency locator (e.g., `npm+coa$2.0.2`) to see every project in your organization that includes that specific dependency.
