maven-tools

Requires [Maven Tools MCP server](https://github.com/arvindand/maven-tools-mcp) configured in your MCP client.

Recommended setup (Claude Desktop):

```json

{

"mcpServers": {

"maven-tools": {

"command": "docker",

"args": ["run", "-i", "--rm", "arvindand/maven-tools-mcp:latest-noc7"]

}

}

}

```

Why -noc7? The latest-noc7 variant focuses purely on dependency intelligence. For documentation lookup, use the separate [context7 skill](../context7/) which provides broader coverage and works independently. This modular approach means dependency tools work even if Context7 is blocked.

Activate automatically when:

• User asks about Java/Kotlin/Scala/JVM dependencies
• User mentions Maven, Gradle, pom.xml, build.gradle
• User asks "what's the latest version of X"
• User wants to check for updates, CVEs, or license issues
• User says "analyze my dependencies" or "check my pom.xml"
• User asks "should I upgrade X" or "is this version safe"

Pick the right tool for the task (8 tools available):

| User Intent | Tool | Key Parameters |

|-------------|------|----------------|

| "Latest version of X" | get_latest_version | stabilityFilter: PREFER_STABLE (default) |

| "Does version X.Y.Z exist?" | check_version_exists | — |

| "Check these dependencies" (no versions) | check_multiple_dependencies | stabilityFilter |

| "Should I upgrade from X to Y?" | compare_dependency_versions | includeSecurityScan: true |

| "How old are my dependencies?" | analyze_dependency_age | maxAgeInDays threshold |

| "Is this library maintained?" | analyze_release_patterns | monthsToAnalyze: 24 |

| "Show version history" | get_version_timeline | versionCount: 20 |

| "Full health check" | analyze_project_health | includeSecurityScan, includeLicenseScan |

Default choice: When user says "check my dependencies" or pastes a pom.xml → use analyze_project_health for comprehensive analysis.

Control which versions are returned:

| Filter | Use When |

|--------|----------|

| PREFER_STABLE | Default for recommendations — prioritizes stable, includes others |

| STABLE_ONLY | Production upgrades — no RC/beta/alpha |

| ALL | Research — see everything including snapshots |

"Check my dependencies"

1. Extract dependencies from pom.xml or user input
2. Call analyze_project_health with:

- includeSecurityScan: true

- includeLicenseScan: true

1. Report: outdated deps, CVEs, license risks, health score

"Should I upgrade Spring Boot?"

1. Call compare_dependency_versions with current and target versions
2. If major upgrade detected, note breaking changes likely
3. Use context7 skill for migration documentation:

- scripts/context7.py search "spring boot"

- scripts/context7.py docs "" "migration guide"

"Is this dependency safe?"

1. Call get_latest_version to check if user's version is current
2. Call analyze_release_patterns to verify active maintenance
3. Security scan is included by default — report any CVEs

"What libraries should I use for X?"

1. This tool doesn't recommend new libraries — it analyzes existing ones
2. Suggest user specify candidate libraries
3. Then use analyze_project_health to compare candidates

All tools expect Maven coordinates:

```

groupId:artifactId

```

Examples:

• org.springframework.boot:spring-boot-starter
• com.fasterxml.jackson.core:jackson-databind
• org.junit.jupiter:junit-jupiter

From Gradle: Convert implementation("group:artifact:version") → group:artifact

Maven Tools provides version intelligence. For migration guides and API documentation, delegate to the [context7 skill](../context7/).

Workflow:

1. Maven analysis reveals upgrade needed (e.g., Spring Boot 2→3)
2. Load context7 skill for documentation lookup
3. Query: "spring boot 3 migration guide" or "hibernate 6 breaking changes"
4. Combine version data + documentation for complete upgrade plan

Example chain:

```

User: "Should I upgrade Spring Boot from 2.7 to 3.2?"

→ maven-tools: compare_dependency_versions

Result: Major upgrade, 3.2.1 available, no CVEs

→ context7: scripts/context7.py search "spring boot"

→ context7: scripts/context7.py docs "/spring-projects/spring-boot" "2.7 to 3 migration"

Result: javax→jakarta migration steps, config changes

→ Combined response: Version analysis + migration steps

```

This separation means:

• Dependency tools work even if Context7 is unreachable
• Context7 skill is reusable for any library, not just JVM
• Each skill stays focused and maintainable

Health Scores

| Score | Meaning |

|-------|---------|

| 80-100 | Healthy — recent releases, no CVEs |

| 60-79 | Good — minor concerns |

| 40-59 | Aging — consider updates |

| 0-39 | Stale — maintenance risk |

Age Classification

| Class | Age | Action |

|-------|-----|--------|

| fresh | <6 months | No action needed |

| current | 6-12 months | Monitor |

| aging | 1-2 years | Plan upgrade |

| stale | >2 years | Upgrade or replace |

Version Types

| Type | Production Safe? |

|------|-----------------|

| stable | ✅ Yes |

| rc | ⚠️ Test thoroughly |

| beta | ⚠️ Non-critical only |

| alpha | ❌ Development only |

| milestone | ⚠️ Early adopters |

| snapshot | ❌ Never in production |

Example 1: Quick version check

User: "What's the latest stable Spring Boot?"

```

→ get_latest_version

groupId: org.springframework.boot

artifactId: spring-boot-starter

stabilityFilter: STABLE_ONLY

```

Example 2: Upgrade analysis

User: "I'm on Spring Boot 2.7.18, should I upgrade?"

```

→ compare_dependency_versions

dependencies: ["org.springframework.boot:spring-boot-starter:2.7.18"]

includeSecurityScan: true

→ If major upgrade available, delegate to context7 skill:

scripts/context7.py search "spring boot"

scripts/context7.py docs "/spring-projects/spring-boot" "2.7 to 3 migration"

```

Example 3: Full project audit

User: "Analyze my pom.xml" (pastes file)

```

→ Extract all dependencies from pom.xml

→ analyze_project_health

dependencies: [extracted list]

includeSecurityScan: true

includeLicenseScan: true

```

| Issue | Action |

|-------|--------|

| MCP tools unavailable | Inform user: "Maven Tools MCP server not configured. Install from — use latest-noc7 image since we have context7 skill for docs." |

| Dependency not found | Verify groupId:artifactId format, check Maven Central |

| Context7 skill unavailable | Fall back to web search for documentation |

| Security scan slow | Results still return, CVE data may be partial |

| Unknown version type | Treat as unstable, recommend stable alternative |

---

> License: MIT

> Requires: [Maven Tools MCP server](https://github.com/arvindand/maven-tools-mcp) (latest-noc7 recommended)

> Pairs with: [context7 skill](../context7/) for documentation lookup