Skip to content

ra-mcp

Security & Releases

AI-Riksarkivet/ra-mcp

ra-mcp

AI-Riksarkivet/ra-mcp

ra-mcp
ra-mcp
- ra-mcp
Getting Started
Getting Started
How it Works
How it Works
Tools & Skills
Tools & Skills
CLI
CLI
API
API
- Overview
- Common
- Search
- Browse
- MCP Tools
Development
Development
- Setup
- Deployment
- Observability
- Security Security
  On this page

Security & Releases

SBOM

# SPDX format
dagger call generate-sbom-spdx --source=.

# CycloneDX format
dagger call generate-sbom-cyclone-dx --source=.

Vulnerability Scanning

# Scan for CRITICAL and HIGH
dagger call scan-ci --source=.

# Custom severity
dagger call scan --source=. --severity="CRITICAL,HIGH,MEDIUM" --format="table"

Supply Chain

SLSA Provenance (Level 2) — generated by BuildKit during CI
Sigstore — container images are signed
SBOM attestations — embedded in registry manifests
OpenSSF Scorecard — continuous security assessment

Releasing

# Bump version, commit, tag, push
make release VERSION=0.9.0

This triggers:

release.yml — generates changelog with git-cliff, creates GitHub Release
publish.yml — builds and pushes Docker images (Alpine + Wolfi variants)