Red Hat Enterprise Linux · Capability

RHEL Vulnerability Management

Unified capability for Red Hat Enterprise Linux vulnerability management. Combines the Security Data API and Subscription Management API to enable automated CVE assessment, advisory lookup, and system entitlement tracking for security and operations teams.

Run with Naftiko CVERed HatRHELSecuritySubscription ManagementVulnerability Management

What You Can Do

GET
List cves — List CVEs with date, severity, and product filters
/v1/cves
GET
Get cve — Get full CVE details including affected packages
/v1/cves/{cveId}
GET
Get advisory — Get Red Hat Security Advisory
/v1/advisories/{advisoryId}
GET
List systems — List registered RHEL systems
/v1/systems
GET
List subscriptions — List Red Hat subscriptions
/v1/subscriptions
GET
List allocations — List subscription allocations
/v1/allocations

MCP Tools

list-cves

List CVEs affecting Red Hat products, filterable by severity, product, and date range

read-only
get-cve

Get full CVE details including affected packages, CVSS scores, and fix status

read-only
get-advisory

Get Red Hat Security Advisory details with patched package versions

read-only
list-systems

List RHEL systems registered with subscription management

read-only
get-system

Get entitlement status and details for a specific RHEL system

read-only
list-subscriptions

List active Red Hat subscriptions for the account

read-only
list-allocations

List subscription allocations and entitlement details

read-only

APIs Used

rhel-security-data rhel-subscription

Capability Spec

vulnerability-management.yaml Raw ↑ 
naftiko: "1.0.0-alpha1"

info:
  label: "RHEL Vulnerability Management"
  description: >-
    Unified capability for Red Hat Enterprise Linux vulnerability management.
    Combines the Security Data API and Subscription Management API to enable
    automated CVE assessment, advisory lookup, and system entitlement tracking
    for security and operations teams.
  tags:
    - CVE
    - Red Hat
    - RHEL
    - Security
    - Subscription Management
    - Vulnerability Management
  created: "2026-05-02"
  modified: "2026-05-02"

binds:
  - namespace: env
    keys:
      REDHAT_OAUTH_TOKEN: REDHAT_OAUTH_TOKEN

capability:
  consumes:
    - import: rhel-security-data
      location: ./shared/security-data.yaml
    - import: rhel-subscription
      location: ./shared/subscription-management.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: rhel-vulnerability-management-api
      description: "Unified REST API for RHEL vulnerability and subscription management."
      resources:
        - path: /v1/cves
          name: cves
          description: "CVE listing and filtering"
          operations:
            - method: GET
              name: list-cves
              description: "List CVEs with date, severity, and product filters"
              call: "rhel-security-data.list-cves"
              with:
                before: "rest.before"
                after: "rest.after"
                product: "rest.product"
                severity: "rest.severity"
                per_page: "rest.per_page"
                page: "rest.page"
              outputParameters:
                - type: array
                  mapping: "$."
        - path: /v1/cves/{cveId}
          name: cve-detail
          description: "Individual CVE details"
          operations:
            - method: GET
              name: get-cve
              description: "Get full CVE details including affected packages"
              call: "rhel-security-data.get-cve"
              with:
                cveId: "rest.cveId"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/advisories/{advisoryId}
          name: advisory
          description: "Security advisory details"
          operations:
            - method: GET
              name: get-advisory
              description: "Get Red Hat Security Advisory"
              call: "rhel-security-data.get-advisory"
              with:
                advisoryId: "rest.advisoryId"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/systems
          name: systems
          description: "Registered RHEL systems"
          operations:
            - method: GET
              name: list-systems
              description: "List registered RHEL systems"
              call: "rhel-subscription.list-systems"
              with:
                limit: "rest.limit"
                offset: "rest.offset"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/subscriptions
          name: subscriptions
          description: "Account subscriptions"
          operations:
            - method: GET
              name: list-subscriptions
              description: "List Red Hat subscriptions"
              call: "rhel-subscription.list-subscriptions"
              with:
                limit: "rest.limit"
              outputParameters:
                - type: object
                  mapping: "$."
        - path: /v1/allocations
          name: allocations
          description: "Subscription allocations"
          operations:
            - method: GET
              name: list-allocations
              description: "List subscription allocations"
              call: "rhel-subscription.list-allocations"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      port: 9090
      namespace: rhel-vulnerability-management-mcp
      transport: http
      description: "MCP server for AI-assisted RHEL vulnerability management and compliance workflows."
      tools:
        - name: list-cves
          description: "List CVEs affecting Red Hat products, filterable by severity, product, and date range"
          hints:
            readOnly: true
            openWorld: true
          call: "rhel-security-data.list-cves"
          with:
            after: "tools.after"
            before: "tools.before"
            product: "tools.product"
            severity: "tools.severity"
          outputParameters:
            - type: array
              mapping: "$."
        - name: get-cve
          description: "Get full CVE details including affected packages, CVSS scores, and fix status"
          hints:
            readOnly: true
            openWorld: true
          call: "rhel-security-data.get-cve"
          with:
            cveId: "tools.cveId"
          outputParameters:
            - type: object
              mapping: "$."
        - name: get-advisory
          description: "Get Red Hat Security Advisory details with patched package versions"
          hints:
            readOnly: true
            openWorld: true
          call: "rhel-security-data.get-advisory"
          with:
            advisoryId: "tools.advisoryId"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-systems
          description: "List RHEL systems registered with subscription management"
          hints:
            readOnly: true
            openWorld: true
          call: "rhel-subscription.list-systems"
          with:
            limit: "tools.limit"
          outputParameters:
            - type: object
              mapping: "$."
        - name: get-system
          description: "Get entitlement status and details for a specific RHEL system"
          hints:
            readOnly: true
            openWorld: true
          call: "rhel-subscription.get-system"
          with:
            uuid: "tools.uuid"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-subscriptions
          description: "List active Red Hat subscriptions for the account"
          hints:
            readOnly: true
            openWorld: true
          call: "rhel-subscription.list-subscriptions"
          with:
            limit: "tools.limit"
          outputParameters:
            - type: object
              mapping: "$."
        - name: list-allocations
          description: "List subscription allocations and entitlement details"
          hints:
            readOnly: true
            openWorld: true
          call: "rhel-subscription.list-allocations"
          outputParameters:
            - type: object
              mapping: "$."