Introduction

This document provides standardized MCP-format documentation for Application, Portfolio, and Project tools in CoreStack.

Application Management Tools

application_list_and_retrieval

List and retrieve applications for the selected tenant.

Returns: JSON object containing applications, total_count, and batch_info.

Sample Questions:

• List all applications.
• Search for applications by name containing “MyApp.
• Filter applications by owner and tags.
• List applications in a given portfolio, sorted by name ascending.

application_get_details

Retrieve detailed information for a specific application.

Returns: JSON object with application details, including owner, tags, portfolio_ids, project_ids, sbom_definitions, and metadata.

Sample Questions:

• Get details of application by ID.
• Show SBOM count for an application.
• Retrieve owner email and metadata for an application.

Portfolio Management Tools

portfolio_list_and_retrieval

List and retrieve portfolios for the selected tenant.

Returns: JSON object containing portfolios with counts (application_count, sbom_count), total_count, and batch_info.

Sample Questions:

• List all portfolios.
• Search portfolios by name containing “Production”.
• Filter portfolios with SBOMs and increase batch size.
• Filter by application names, sorted by name ascending.

portfolio_get_details

Retrieve detailed information for a specific portfolio.

Returns: JSON object with portfolio details including applications, projects, sbom_definitions, statistics, and metadata.

Sample Questions:

• Get details for a portfolio by ID.
• Show total applications and SBOMs for a portfolio.
• List applications within a portfolio with owners.

Project Management Tools

project_list_and_retrieval

List and retrieve projects for the selected tenant.

Returns: JSON object containing projects, total_count, and batch_info.

Sample Questions:

• List all projects.
• Search projects with name containing “API”.
• Filter by owner and portfolio, with batch size 25.
• Filter by tags and sort by name ascending.
• Filter by AppSecOps project IDs.

project_get_details

Retrieve detailed information for a specific project.

Returns: JSON object with project details including owner, tags, portfolios, appsecops_project, sbom_definitions, and metadata.

Sample Questions:

• Get details for a project by ID.
• Show owner email for a project.
• List portfolios containing this project.
• Check AppSecOps integration status.

SBOM Management Tools

sbom_definition_list_and_retrieval

List and retrieve SBOM definitions for the selected tenant.

Returns: JSON object containing SBOM definitions with latest version metadata, counts (versions/components/vulnerabilities), total_count, and batch_info.

Sample Questions:

• List all SBOM definitions.
• Search SBOMs by keyword (e.g., "frontend").
• Filter SBOMs by application or tags.

sbom_definition_get_batch

Batch retrieve detailed information for multiple SBOM definitions by their IDs.

Returns: JSON object with SBOM definition details including versions and metadata for each definition ID.

Sample Questions:

• Get multiple SBOM definitions at once.
• Retrieve all versions for selected SBOM definitions.

sbom_get_details

Retrieve detailed information for a specific SBOM definition.

Returns: JSON object with SBOM definition, application/portfolio/project links, version list with counts and vulnerability statistics, and metadata.

Sample Questions:

• Get details for an SBOM definition by ID.
• Show total vulnerabilities and latest version for an SBOM.

sbom_version_list_for_definition

List all versions for a specific SBOM definition.

Returns: JSON object listing versions for an SBOM definition, including counts and predecessor relationships.

Sample Questions:

• List all versions for an SBOM definition.
• Find the latest SBOM version and its vulnerability counts.

sbom_version_get_details

Retrieve detailed information for a specific SBOM version.

Returns: JSON object with SBOM version details (components, vulnerabilities, container findings, statistics, and metadata).

Sample Questions:

• Get details for an SBOM version by ID.
• List critical vulnerabilities and affected components in a version.

sbom_version_get_batch

Batch retrieve detailed information for multiple SBOM versions by their IDs.

Returns: JSON object with multiple SBOM version summaries (component and vulnerability counts, statistics, created_at).

Sample Questions:

• Fetch multiple SBOM versions at once.
• Compare counts across selected versions.

sbom_version_compare_builds

Compare two SBOM builds to see differences in components and vulnerabilities.

Returns: JSON object with component and vulnerability changes (added/removed/updated) and a summary of net change.

Sample Questions:

• Compare latest build with its predecessor.
• List new vulnerabilities introduced by a build.

sbom_version_diff_get_batch

Batch retrieve diff information for multiple SBOM versions showing changes from predecessor versions.

Returns: JSON object with diff summaries (components/vulnerabilities/container findings added/removed, net vulnerability change).

Sample Questions:

• Get diff summaries for multiple SBOM versions.
• Identify builds that regressed security.

sbom_components_get_batch

Batch retrieve detailed information for multiple SBOM components by their IDs.

Returns: JSON object with component details (type, license) and associated vulnerabilities with severity counts and KEV flags.

Sample Questions:

• Get details for multiple components.
• List CVEs for a specific component.

Dashboard & Analytics Tools

dashboard_portfolio_hierarchy

Get portfolio hierarchy summary showing organizational structure.

Returns: JSON object containing hierarchy of portfolios → applications → projects → SBOMs with aggregated vulnerability statistics and a summary block.

Sample Questions:

• Show portfolio hierarchy with counts.
• List orphaned applications not in any portfolio.

dashboard_sbom_components_summary

Get SBOM components summary for all SBOMs, including license and vulnerability metrics.

Returns: JSON object with per-SBOM component lists and an overall summary (totals, vulnerable component counts, distribution by type and license, top vulnerable components).

Sample Questions:

• Get SBOM components overview for my tenant.
• List only vulnerable components across all SBOMs.
• Generate a license compliance summary.

dashboard_sbom_vulnerabilities_summary

Get SBOM vulnerabilities summary with severity breakdown, KEV flags, and fixability.

Returns: JSON object with vulnerability lists per SBOM and an overall summary (by severity, KEV count, fixable count/percentage, age stats, top CVEs).

Sample Questions:

• Summarize vulnerabilities across all SBOMs.
• Show top CVEs and fixability rate.

dashboard_sbom_build_difference_trend

Get trend of build differences showing added/removed components and vulnerabilities over a date range.

Returns: JSON object with per-build trend entries and a summary (totals, improvement rate, builds with improvements/regressions).

Sample Questions:

• Show last 90 days of build differences.
• Analyze net vulnerability change between SBOM versions.

dashboard_top_actionable_issues

Get top 10 risk-prioritized actionable issues (combines CVSS, EPSS, KEV, age, and impact).

Returns: JSON object with ranked actionable issues (risk factors, impact, remediation) and a summary of totals (critical, KEV, fixable, affected applications).

Sample Questions:

• What are my top 10 security issues right now?
• Filter issues discovered in the last 30 days.
• Group priority issues by application.

dashboard_vulnerabilities_by_component

Get aggregated vulnerability counts grouped by component properties (product, KEV status, severity).

Returns: JSON object with groups (counts by severity, top vulnerabilities) and overall summary of totals and top groups.

Sample Questions:

• Group vulnerabilities by component/product.
• Show KEV vs non-KEV vulnerability distribution.
• List vulnerabilities grouped by severity.

dashboard_vulnerability_trend_by_severity

Get vulnerability trend data grouped by severity over time (day/week/month/quarter/year).

Returns: JSON object with time-bucketed vulnerability counts and changes by severity, plus overall trend summary.

Sample Questions:

• Show monthly vulnerability trend for the last 90 days.
• Get weekly vulnerability changes for the last 12 weeks.

Vulnerability Management Tools

vulnerability_get_details_batch

Get detailed information for multiple vulnerabilities by their IDs.

Returns: JSON object with vulnerability details (CVE/CWE, severity, CVSS, KEV, EPSS, affected components, references, remediation, exploit info).

Sample Questions:

• Fetch details for a list of vulnerability IDs.
• Identify KEV vulnerabilities with fixes available.

vulnerability_get_prevalence

Get organizational prevalence data for specific vulnerabilities (blast radius across portfolios/applications/projects/SBOMs).

Returns: JSON object with prevalence data and statistics (occurrences, affected portfolios/applications/projects/SBOM versions/components).

Sample Questions:

• Where is CVE-XXXX present across the organization?
• Cross-tenant prevalence comparison for selected vulnerabilities.

container_findings_list_and_retrieval

List and retrieve container security findings (Dockle/Hadolint) for the selected tenant.

Returns: JSON object with findings, total_count, and summary (by severity/category/status), including Dockerfile line/context when available.

Sample Questions:

• List all container findings and severity summary.
• Filter for CRITICAL/HIGH findings for a specific SBOM version.

container_findings_get_batch

Get detailed information for multiple container findings by their IDs.

Returns: JSON object with full finding details (scanner type, location, Dockerfile path/line/content, remediation, references, status/history).

Sample Questions:

• Retrieve full details for selected container findings.
• Generate remediation report grouped by application.