5 posts tagged with "Security"

Secrets and auth

Container CVE Triage: Local Scans, Three Buckets, and Explainable Policies

· 5 min read
MCPBundles

TL;DR

  • Vulnerability Intelligence runs Trivy on your Mac via Desktop, enriches with NVD + CISA KEV + EPSS, and buckets every CVE into exploit priority / patch today / defer — each row includes a plain-English reason.
  • On our own bases (June 2026 scans): python:3.13-slim has 46 unique CVEs and 0 patch-today rows under balanced (2 under permissive_patches); node:20-slim has 97 unique CVEs and 29 patch-today rows — same scanner, different nightly workload.
  • Built for security and platform teams who already have Trivy output and need shared rules across client images, not another dashboard that dumps CVSS-sorted noise.

Picture Monday after a base-image rebuild. Trivy finished overnight. The spreadsheet has 103 rows before anyone's had coffee. That's the moment this post is about — not picking Wiz over Snyk, but agreeing what actually patches tonight.

In April we open-sourced an MCP server that combines NIST NVD, CISA KEV, and EPSS into a composite risk score. That solved ranking — why a CVSS 5.0 in active ransomware campaigns should beat a CVSS 9.8 nobody is exploiting.

The next bottleneck is operations: your scanner still dumps hundreds of rows, and every team reinvents spreadsheet triage. Paste-JSON workflows do not scale when you run ten client images a week.

We shipped a hosted path that closes the loop: Desktop runs Trivy on your machine, the cloud enriches findings, and scan_triage buckets every CVE with a bucket_reason you can tune via policy presets.

Try Vulnerability Intelligence on MCPBundles — or keep reading for the bucketing rules and real numbers from our own Dockerfiles.

SonarCloud with AI: Code Quality Workflows That Start at the Gate

· 5 min read
MCPBundles

TL;DR

  • The SonarCloud MCP server reads your connected tenant — orgs, projects, issues, gates, hotspots, measures — from chat instead of five SonarCloud tabs before standup.
  • Built for the questions that land minutes before deploy: gate status on main, blockers still open, hotspots waiting for human review, which PR failed analysis last night.
  • Built for engineering leads, platform engineers, and security champions who already run SonarCloud in CI but hate exporting lists when someone asks in Slack.

SonarCloud is good at being the quality record for a repo. It is less good at being the place you answer when the question arrives in a thread two minutes before deploy.

That question rarely stays inside one screen. Standup wants open blockers across services. Release management wants gate status on main plus coverage and vulnerability counts. Security review wants hotspots still marked TO_REVIEW — not the automatic issue list. Platform wants to know whether last night's pull request analysis passed before someone merges anyway.

None of that is "learn to prompt better." It is normal release work that cuts across projects, and the SonarCloud UI was built for people who live inside it all day.

The SonarCloud MCP server on MCPBundles connects your SonarCloud account to the agent host you already use so those cross-project questions get answered in the thread where the decision is happening.

How We Score MCP Server Security: 18 Rules, Two Published Taxonomies, Zero Invented Checks

· 8 min read
MCPBundles

You paste an MCP server URL into a security analyzer. It spits out a number. You ask the obvious question: what does that number actually mean?

Most MCP scanners can't answer it. They run a bunch of regex, run a bunch of LLM prompts, and produce a verdict. If you push on the verdict, you find ad-hoc heuristics with no published source — and worse, you find marketing claims about "AI-powered security analysis" that nobody can audit.

We built MCPBundles' analyzer the other way around. Every rule cites a published taxonomy entry. If we can't cite an entry, the rule doesn't ship. The catalog is small, deliberate, and live: www.mcpbundles.com/learn/mcp-security.

This post is the "show your work" version of that page.

Sanctions Screening API: AML, KYC & OFAC Watchlist Search for AI Agents

· 5 min read
MCPBundles

TL;DR

  • Screen against 1.17 million watchlist entries from 22 government sources — OFAC, EU, UK, UN, Canada, Switzerland, Interpol, and others — through the Global Sanctions & Watchlists MCP server, with fuzzy name matching and batch review.
  • Covers 1.04 million individuals, 122,000 organizations, and 3,100 vessels; watchlists refreshed 2026-04-20.
  • Built for vendor onboarding, payout approval, marketplace trust, and diligence workflows where the question is "can this counterparty move forward?" — not a full AML case-management platform, but a fast agent-callable screening layer.

If you run vendor onboarding, finance operations, marketplace trust, logistics compliance, or diligence research, sanctions screening is often one step inside a bigger decision. The team is not asking for a database. They are asking whether a counterparty can move forward.

The question sounds simple: "Is this company or person on a sanctions list?" Then reality gets in the way. Which list? Which alias? Is this a close match or just a similar name? Do we need to record the source list, the country, the identifier, and the reason for the match? Is this a vendor review, a customer onboarding step, or a shipping workflow where denied-party screening is only one part of the decision?

That is what the Global Sanctions & Watchlists MCP server is built for. It gives an agent a normalized sanctions search surface so the lookup can happen inside the workflow that needs the answer.

Open-Source CVE Triage: Combining NVD, CISA KEV, and EPSS in One MCP Server

· 6 min read
MCPBundles

Your vulnerability scanner dumps 200 CVEs. You sort by CVSS score. The CVSS 9.8 at the top gets your attention. You patch it first.

Meanwhile, a CVSS 5.0 three pages down is in active ransomware campaigns. CISA added it to the Known Exploited Vulnerabilities catalog last week. EPSS gives it an 80% exploitation probability. Nobody looked at it because it was page three.

CVSS tells you how bad a vulnerability could be. It says nothing about whether anyone is actually exploiting it. For that, you need two more data sources — and nobody combines all three in one place.

Until now. vulnerability-intelligence-mcp is an open-source MCP server that pulls from NIST NVD, CISA KEV, and FIRST.org EPSS, computes a composite risk score, and gives your AI 30 tools for CVE analysis, watchlist tracking, and scanner triage.

Three federal data sources, one composite risk score.