Added SafeDep Inc, offical vet-mcp server #2076
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
olaservo
approved these changes
Jun 17, 2025
Member
|
Thanks for your contribution to the servers list. This has been merged in this combined PR: #2144 This is a new process we're trying out, so if you see any issues feel free to re-open the PR and tag me. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
SafeDep vet now exposes a Model Context Protocol (MCP) Server to secure AI generated code and protect against slopsquatting attacks, vulnerable and malicious packages. This feature is available to all the users of SafeDep vet, enabling IDE native software composition analysis (SCA) for AI generated code.
Adoption of AI Code Generation and Agentic Software Engineering opens up new attack vectors such as slopsquatting.
It is imperative to have appropriate guardrails against attacks exploiting LLM hallucinations and prompt injection attacks against agentic coding tools to deploy vulnerable and malicious packages.
Server Details
Motivation and Context
The motivation for this MCP, in line with Safedep’s vision, is to protect developers and organizations from malicious and vulnerable open source packages by automatically vetting dependencies, ensuring safer and more secure software supply chains.
https://safedep.io/