agent-bom Scan
Version updated for https://github.com/msaad00/agent-bom to version v0.34.0.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
Agent-bom is an AI supply chain security scanner designed to detect vulnerabilities (CVEs) in packages and images while assessing security risks such as credential exposure, tool access, and privilege escalation. It automates the mapping of blast radius from vulnerabilities to compromised AI agents, credentials, and tools, offering comprehensive risk assessments and compliance with frameworks like OWASP, MITRE, and NIST. Its advanced capabilities include malicious package detection, enterprise-level remediation insights, and enriched security metrics, addressing critical gaps in traditional vulnerability scanners.
Release notes
What’s Changed
- fix: resolve ClawHub suspicious rating + rebrand identity by @msaad00 in https://github.com/msaad00/agent-bom/pull/50
- fix: improve OpenSSF Scorecard — signed releases, pinned deps, vuln fixes by @msaad00 in https://github.com/msaad00/agent-bom/pull/51
- fix: allow jinja2/werkzeug licenses in dependency review by @msaad00 in https://github.com/msaad00/agent-bom/pull/52
- feat: add OWASP MCP Top 10 compliance mapping by @msaad00 in https://github.com/msaad00/agent-bom/pull/53
- feat: add malicious package detection (MAL- prefix + typosquat) by @msaad00 in https://github.com/msaad00/agent-bom/pull/54
- feat: add OpenSSF Scorecard API enrichment by @msaad00 in https://github.com/msaad00/agent-bom/pull/55
- feat: add visual storytelling SVG diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/56
- feat: add AI infrastructure scanning profiles by @msaad00 in https://github.com/msaad00/agent-bom/pull/57
- docs: overhaul documentation for new features by @msaad00 in https://github.com/msaad00/agent-bom/pull/58
- feat: add runtime MCP traffic monitoring by @msaad00 in https://github.com/msaad00/agent-bom/pull/59
- feat: enhance REST API with compliance and security endpoints by @msaad00 in https://github.com/msaad00/agent-bom/pull/60
- feat: add runtime sidecar Docker container by @msaad00 in https://github.com/msaad00/agent-bom/pull/61
- feat: add enterprise integrations (Jira, Slack, Vanta, Drata) by @msaad00 in https://github.com/msaad00/agent-bom/pull/62
- fix: audit cleanup — wire integrations, update docs and metadata by @msaad00 in https://github.com/msaad00/agent-bom/pull/63
- release: v0.34.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/64
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.33.0...v0.34.0