Model Context Protocol (MCP)
Early Access
Try our newest feature! Only available through reach out. Contact us to join the early access program and get priority support.
Unizo offers an MCP server that integrates package and container registries with any LLM provider supporting the MCP protocol. This enables your AI agent to manage artifacts, analyze dependencies, and automate registry operations across Docker Hub, npm, PyPI, Maven Central, and other registry platforms via a single MCP server.
Supported Tools & Use Cases
The following tools are available in the Packages and Container Registry MCP Server:
| Tool Name | Description |
|---|---|
list_repositories | Browse repositories, namespaces, and organizations in registries |
search_artifacts | Search packages and containers by name, tags, or metadata |
get_artifact_details | Retrieve comprehensive artifact information including metadata and security data |
list_tags | View available versions, tags, and releases for artifacts |
analyze_dependencies | Examine package dependencies, vulnerabilities, and security issues |
scan_image | Perform security scanning on container images |
list_repositories
Browse repositories, namespaces, and organizations in registries
Parameters:
integration: Target registry integration (required)namespace: Organization or namespace to listtype: Repository type (container, package)visibility: Filter by visibility (public, private)page: Pagination controllimit: Number of results per page
search_artifacts
Search packages and containers by name, tags, or metadata
Parameters:
integration: Target registry integration (required)query: Search query (required)type: Artifact type (container, npm, pypi, maven)tags: Filter by tags or labelsinclude_deprecated: Include deprecated packagessort: Sort order (relevance, updated, downloads)limit: Maximum results to return
get_artifact_details
Retrieve comprehensive artifact information including metadata and security data
Parameters:
integration: Target registry integration (required)artifact: Artifact identifier (required)version: Specific version (optional, latest if not specified)include_vulnerabilities: Include vulnerability scan resultsinclude_dependencies: Include dependency treeinclude_sbom: Include software bill of materials
list_tags
View available versions, tags, and releases for artifacts
Parameters:
integration: Target registry integration (required)repository: Repository name (required)include_signatures: Include signing informationinclude_digests: Include content digestsfilter: Filter expression for tagssort: Sort order (newest, oldest, semver)limit: Maximum tags to return
analyze_dependencies
Examine package dependencies, vulnerabilities, and security issues
Parameters:
integration: Target registry integration (required)artifact: Artifact to analyze (required)scan_type: Type of scan (security, license, quality)depth: Dependency tree depth to analyzeinclude_transitive: Include transitive dependenciesseverity_threshold: Minimum severity to report
scan_image
Perform security scanning on container images
Parameters:
integration: Target registry integration (required)image: Container image to scan (required)scan_layers: Scan individual layerscheck_base_image: Verify base image securitypolicy: Security policy to applyinclude_fixes: Include available fixes
Installation
Prerequisites
- A Unizo API key
- An active PCR integration (Amazon ECR, Docker Hub, Google Artifact Registry, GitHub Container Registry, GitLab Container Registry, JFrog Artifactory, Microsoft ACR, Nexus)
- Node.js v20 or higher
MCP Configuration
Here is an example configuration for setting up the Unizo SCM MCP server:
{
"mcpServers": {
"unizo-pcr": {
"command": "npx",
"args": [
"mcp-remote",
"http://api.unizo.ai/mcp/pcr",
"--allow-http",
"--header",
"apikey:${UNIZO_API_KEY}"
],
"env": {
"UNIZO_API_KEY": "your_api_key"
}
}
}
}
Client Setup
For detailed setup instructions with specific AI clients:
Environment Variables
The following environment variables are required:
UNIZO_API_KEY: Your Unizo API key Your Unizo API key
Error Handling
All tools return errors in a consistent format:
{
"error": {
"code": "REPOSITORY_NOT_FOUND",
"message": "Repository 'example/repo' not found"
}
}
Common error codes:
INTEGRATION_NOT_FOUND: Invalid integration IDREPOSITORY_NOT_FOUND: Repository doesn't exist or no accessARTIFACT_NOT_FOUND: The specified package or image was not foundTAG_NOT_FOUND: Tag not found in repositoryVULNERABILITY_SCAN_FAILED: Issue during vulnerability scanRATE_LIMIT_EXCEEDED: API rate limit reachedUNAUTHORIZED: Invalid API key or insufficient permissions