Stronger dependencies, smarter code.

Boost code performance with Sonatype's Dependency Management MCP Server

Get Started Free

View Documentation

Cloud-Hosted

No setup required—our cloud infrastructure handles everything for you.

Quality at the Source

Ensure only actively maintained, secure, and properly licensed components end up in your code.

Consistency Across Tools

Apply the same rules across tools, whether you're using Copilot, Claude, or other IDE agents.

Why Use MCP for AI-Assisted Coding?

LLM copilots excel at generating code but aren't tuned to evaluate ecosystem health, security posture, or licensing nuances. When your LLM copilot has access to the best dependencies available, the result is high quality applications that breeze through security and QA reviews.

Quick Start Guide

Sign Up Free

Create your free account to get instant access to Sonatype's open source component and vulnerability intelligence.Sign Up for a Free API Key

Configure Client

Add the MCP server to your AI assistant—our cloud infrastructure handles everything for you. All configurations require an API token. Generate your token and replace <your-token> in the configuration with your actual token.

GitHub Copilot supports MCP servers across multiple IDEs including Visual Studio Code, Visual Studio, JetBrains IDEs, Eclipse, and Xcode. Choose your IDE below for specific setup instructions. For comprehensive documentation, see the GitHub Copilot MCP documentation.

Visual Studio Code

Add the following to the global VS Code mcp.json or create a .vscode/mcp.json in your workspace. For more detailed setup instructions, see the VS Code MCP documentation.

{
  "servers": {
    "sonatype-mcp": {
      "url": "https://mcp.guide.sonatype.com/mcp",
      "type": "http",
      "headers": {
        "Authorization": "Bearer <your-token>"
      }
    }
  }
}

Switch to Agent mode in Copilot chat to access MCP tools.

Visual Studio

In Copilot Chat (Agent mode), click the Tools icon and add a new server:

Field	Value
Server ID	sonatype-mcp
Type	stdio
Command	`npx -y mcp-remote https://mcp.guide.sonatype.com/mcp --header "Authorization: Bearer <your-token>"`

JetBrains IDEs

1. Open Copilot Chat and make sure you are in Agent mode.2. Then click the tools icon and either browse the registry to install Sonatype MCP Server, or manually add the configuration below in mcp.json..

{
  "mcpServers": {
    "sonatype-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://mcp.guide.sonatype.com/mcp",
        "--header",
        "Authorization: Bearer <your-token>"
      ]
    }
  }
}

Eclipse

Follow these steps to configure MCP in Eclipse:

1. Open Copilot chat and ensure you are in Agent mode.2. Click the Configure Tools icon, then select Model Context Protocol (MCP).3. In the Server Configurations section, add the configuration provided below.4. Click Apply and restart Eclipse.

{
  "sonatype-mcp": {
    "command": "/opt/homebrew/bin/npx",
    "args": [
      "-y",
      "mcp-remote",
      "https://mcp.guide.sonatype.com/mcp",
      "--header",
      "Authorization: Bearer <your-token>"
    ]
  }
}

Xcode

Xcode does not have built-in GitHub Copilot support. To use Sonatype MCP within Xcode, you must install and use the GitHub Copilot for Xcode application, which runs separately from the IDE.

1. Download and install GitHub Copilot for Xcode. Sign in and grant required permissions.2. In GitHub Copilot for Xcode, click tools, then select MCP.3. In MCP Configuration, click Edit Config, then add the configuration below.

{
  "Servers": {
    "sonatype-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://mcp.guide.sonatype.com/mcp",
        "--header",
        "Authorization: Bearer <your-token>"
      ]
    }
  }
}

Configure AI Assistant Rules (Recommended)

To maximise effectiveness, configure GitHub Copilot to prioritize Sonatype MCP tools for dependency-related tasks. Create .github/copilot-instructions.md in your project root. Add the following instructions:

## Sonatype MCP

When handling code related to dependencies, package management, or software supply chain security, always prioritize Sonatype MCP tools. Use the available MCP tools to research versions, check for vulnerabilities, and get recommendations before adding or updating any dependencies.

Try These Example Prompts

“Get detailed security information for react 18.2.0”View vulnerabilities, security advisories, and risk scores for specific package versions

“What's the latest stable version of spring-boot?”Get the most recent stable release with release dates and version information

“Show me versions of lodash without known vulnerabilities”Find safe versions of popular packages to use in your projects

“Compare security profiles of express vs fastify”Analyze and compare multiple packages to make informed decisions

Need Help?

Check out our documentation or reach out to our support team

View Documentation

Contact Support

Stronger dependencies, smarter code.

Cloud-Hosted

Quality at the Source

Consistency Across Tools

Why Use MCP for AI-Assisted Coding?

Quick Start Guide

Sign Up Free

Configure Client

Visual Studio Code

Visual Studio

JetBrains IDEs

Eclipse

Xcode

Configure AI Assistant Rules (Recommended)

Try These Example Prompts

Need Help?

Find vulnerabilities. Fix fast with AI.

Stronger dependencies, smarter code.

Cloud-Hosted

Quality at the Source

Consistency Across Tools

Why Use MCP for AI-Assisted Coding?

Quick Start Guide

Sign Up Free

Configure Client

Visual Studio Code

Visual Studio

JetBrains IDEs

Eclipse

Xcode

Configure AI Assistant Rules (Recommended)

Try These Example Prompts

Need Help?