Ask your AI assistant to identify and address vulnerability and license-quality gaps in plain English.
lynk-mcp connects Claude, Cursor, VS Code Copilot, and Zed to your Interlynk organization, so AI can query SBOMs, track CVEs, draft security summaries, and help close vulnerability and license-quality gaps across your supply chain.
WHY LYNK-MCP
Software supply chain security, without the query language.
Managing SBOMs and vulnerabilities is complex. lynk-mcp turns it into a conversation.
Find exposure instantly
"Show me every critical CVE affecting my products." Search vulnerabilities across your whole organization in one question.
Track drift between versions
Compare two SBOM versions and surface exactly which components were added, removed, or changed.
Check compliance on demand
Ask which versions fail policy, which components use GPL licenses, or which license risks need review.
Summarize for any audience
"Draft an executive vulnerability summary." Create security and compliance summaries from live SBOM data.
CAPABILITIES
Everything your AI assistant needs to reason about supply chain risk.
Natural language queries
Ask questions in plain English — no GraphQL, no dashboards, no filters to configure.
Multi-product analysis
Search CVEs across your organization and inspect affected products, versions, and components.
Version comparison & drift
Diff two SBOM versions to see component changes, then combine that context with vulnerability data.
Compliance & license tracking
Surface policy violations, license risk, and KEV-flagged vulnerabilities on demand.
Security summaries
"Create an executive summary of our vulnerability posture" — drafted from live SBOM data.
Token-aware setup
Store API tokens in your system keychain, or provide them with LYNK_API_TOKEN for Docker and CI workflows.
IN PRACTICE
Real questions you can ask once it's connected.
Configure lynk-mcp with your AI assistant and start asking.
Vulnerability Analysis
Specific CVEs & Attacks
Security Reports
Draft an executive summary of our vulnerability posture.
Draft a security summary for payments-api with all critical CVEs.
List components with known vulnerabilities, grouped by severity.
Summarize vulnerability trends between the last two versions.
Drift Analysis
Compare the last two versions of edge-gw and highlight component changes.
Which vulnerabilities appear in the latest version?
Show components added or removed between versions.
Has our security posture improved since the last release?
Policy & Compliance
What policies are currently failing for production?
Show me all versions that violate security policies.
List all components using GPL licenses.
Which components use rejected or unspecified licenses?
Component Analysis
Find all instances of log4j across my organization.
List all components from a given vendor.
Show direct vs transitive dependencies in this version.
Which components are missing PURL identifiers?
CLOSE THE LOOP
Don't just find quality gaps — address them.
lynk-mcp pairs Interlynk's SBOM Doctor with write-back tools, so your AI assistant can detect vulnerability and license quality gaps, update the underlying SBOM data, and improve visibility for downstream remediation.
01 — DETECT
Run SBOM Doctor
list_doctor_results runs Interlynk's Doctor API against a version — surfacing missing licenses, weak metadata, and risk findings, filtered by severity, domain, or check code.
02 — RECOMMEND
Let AI propose the update
Doctor results provide the solution space for each finding, so your assistant can propose a concrete data update — a corrected SPDX license expression, a missing PURL or CPE, or VEX context for a non-exploitable CVE.
03 — UPDATE
Write the update back
update_component, update_component_supplier, and update_component_vex apply the change to your SBOM data — each guarded by an explicit confirm step, so nothing is altered by accident.
Close vulnerability gaps
Triage findings and update VEX status, justification, and fixed-in data with update_component_vex — turning a noisy CVE list into an accurate, exploitability-aware picture.
Close license gaps
Fill in missing or malformed SPDX license expressions, suppliers, PURLs, and CPEs with update_component — so every component is identifiable and compliance-ready.
UNDER THE HOOD
21 tools, mapped to the Interlynk API.
Your AI assistant picks the right tool for each question automatically.
Organization & Inventory
get_organization
list_products
get_product
list_environments
get_environment
list_versions
get_version
Components & Quality
compare_versions
list_components
get_component
update_component
update_component_supplier
list_doctor_results
list_licenses
Vulnerabilities & Governance
list_vulnerabilities
get_vulnerability
search_vulnerabilities
update_component_vex
list_versions
get_policy
list_policy_violations
GET STARTED
Connected in under two minutes.
Install, configure your token, and add it to your AI assistant.
Included on every Interlynk plan
lynk-mcp works with both the Free and Enterprise tiers. Create an account at app.interlynk.io, grab an API token, and connect.
Free tier
Enterprise tier
Install
Grab lynk-mcp with Homebrew on macOS or Linux.
Configure
Sign up at app.interlynk.io, then add your API token — stored safely in your system keychain.
Connect
Register the server with your assistant — e.g. Claude Desktop.