4,000+ servers built on vurb.ts
Vinkius
Unlock for AI Agents
Mastra AISDK
Mastra AI
FOSSA (License Compliance) MCP Server

Bring Open Source
to Mastra AI

Learn how to connect FOSSA (License Compliance) to Mastra AI and start using 6 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.

MCP Inspector GDPR Free for Subscribers
Check VulnerabilitiesGet Parent ProjectsGet RevisionGet Revision DependenciesList ProjectsList Revisions
Unlock for AI Agents
ChatGPT Claude Perplexity

Compatible with every major AI agent and IDE

ClaudeClaude
ChatGPTChatGPT
CursorCursor
GeminiGemini
WindsurfWindsurf
VS CodeVS Code
JetBrainsJetBrains
VercelVercel
+ other MCP clients
FOSSA (License Compliance)

What is the FOSSA (License Compliance) MCP Server?

Connect your FOSSA account to any AI agent to automate open-source license compliance and security auditing through natural language.

What you can do

  • Project Overview — List all projects in your organization with support for filtering and pagination.
  • Revision Tracking — Access specific project revisions and fetch detailed metadata for any version locator.
  • Dependency Analysis — Deep-dive into the dependency tree of any revision to understand your software bill of materials (SBOM).
  • Impact Assessment — Identify every parent project that contains a specific vulnerable or non-compliant dependency.
  • Vulnerability Scanning — Check for security vulnerabilities across multiple dependency locators in a single query.

How it works

  1. Subscribe to this server
  2. Enter your FOSSA API Token
  3. Start auditing your software supply chain from Claude, Cursor, or any MCP client

Who is this for?

  • Security Engineers — quickly identify where vulnerable packages are used across the entire organization.
  • Legal & Compliance Teams — audit project revisions for license compliance without manually navigating the FOSSA UI.
  • DevOps & Architects — verify dependency trees and project metadata directly from the terminal or code editor.

Built-in capabilities (6)

check_vulnerabilities

Uses a POST request but only reads data. Check vulnerabilities by dependency locators

get_parent_projects

Get parent projects containing a dependency

get_revision

Get details for a specific revision

get_revision_dependencies

Get dependencies for a specific revision

list_projects

Supports filtering and pagination. List all projects in your organization

list_revisions

List revisions of a project

Why Mastra AI?

Mastra's agent abstraction provides a clean separation between LLM logic and FOSSA (License Compliance) tool infrastructure. Connect 6 tools through Vinkius and use Mastra's built-in workflow engine to chain tool calls with conditional logic, retries, and parallel execution. deployable to any Node.js host in one command.

  • Mastra's agent abstraction provides a clean separation between LLM logic and tool infrastructure. add FOSSA (License Compliance) without touching business code

  • Built-in workflow engine chains MCP tool calls with conditional logic, retries, and parallel execution for complex automation

  • TypeScript-native: full type inference for every FOSSA (License Compliance) tool response with IDE autocomplete and compile-time checks

  • One-command deployment to any Node.js host. Vercel, Railway, Fly.io, or your own infrastructure

M
See it in action

FOSSA (License Compliance) in Mastra AI

AI AgentVinkius
High Security·Kill Switch·Plug and Play
Why Vinkius

FOSSA (License Compliance) and 4,000+ other MCP servers. One platform. One governance layer.

Teams that connect FOSSA (License Compliance) to Mastra AI through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.

4,000+MCP Servers ready
<40msCold start
60%Token savings
Raw MCP
Vinkius
Server catalogFind and host yourself4,000+ managed
InfrastructureSelf-hostedSandboxed V8 isolates
Credential handlingPlaintext in configVault + runtime injection
Data loss preventionNoneConfigurable DLP policies
Kill switchNoneGlobal instant shutdown
Financial circuit breakersNonePer-server limits + alerts
Audit trailNoneEd25519 signed logs
SIEM log streamingNoneSplunk, Datadog, Webhook
HoneytokensNoneCanary alerts on leak
Custom domainsNot applicableDNS challenge verified
GDPR complianceManual effortAutomated purge + export
Unlock for AI Agents View step-by-step setup guide for Mastra AI →
Enterprise Security

Why teams choose Vinkius for FOSSA (License Compliance) in Mastra AI

The FOSSA (License Compliance) MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 6 tools execute in hardened sandboxes optimized for native MCP execution.

Your AI agents in Mastra AI only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.

Unlock for AI Agents View full FOSSA (License Compliance) details →
FOSSA (License Compliance)
Fully ManagedVinkius Servers
60%Token savings
High SecurityEnterprise-grade
IAMAccess control
EU AI ActCompliant
DLPData protection
V8 IsolateSandboxed
Ed25519Audit chain
<40msKill switch
Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

The Vinkius Advantage

How Vinkius secures FOSSA (License Compliance) for Mastra AI

Every tool call from Mastra AI to the FOSSA (License Compliance) MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.

< 40msCold start
Ed25519Signed audit chain
60%Token savings
FAQ

Frequently asked questions

01

Can I find which projects are affected by a specific vulnerable package?

Yes. Use the get_parent_projects tool with the dependency locator (e.g., npm+coa$2.0.2) to see every project in your organization that includes that specific dependency.

02

How do I check for security vulnerabilities in a list of dependencies?

You can use the check_vulnerabilities tool by providing an array of dependency locators. The agent will return any known security issues impacting those specific versions.

03

Can I see the full dependency list for a specific project version?

Absolutely. By using get_revision_dependencies with a revision locator, you can retrieve the complete list of dependencies identified by FOSSA for that specific build or release.

04

How does Mastra AI connect to MCP servers?

Create an MCPClient with the server URL and pass it to your agent. Mastra discovers all tools and makes them available with full TypeScript types.

05

Can Mastra agents use tools from multiple servers?

Yes. Pass multiple MCP clients to the agent constructor. Mastra merges all tool schemas and the agent can call any tool from any server.

06

Does Mastra support workflow orchestration?

Yes. Mastra has a built-in workflow engine that lets you chain MCP tool calls with branching logic, error handling, and parallel execution.

07

createMCPClient not exported

Install: npm install @mastra/mcp

Explore More MCP Servers

View all →
Aircall

Aircall

10 tools

Cloud business phone system — manage calls, contacts, and team availability via AI.

Todoist

Todoist

12 tools

Organize your personal and team tasks with the productivity app that millions trust to stay on top of everything that matters.

TaxJar

TaxJar

10 tools

Connect your AI to TaxJar. Calculate sales tax dynamically, validate active nexus regions, and assess order tax liability natively from the terminal.

Interact Software

Interact Software

10 tools

Manage intranet people, content, and groups via Interact Software API.