agent-bom Scan
Version updated for https://github.com/msaad00/agent-bom to version v0.35.0.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Action Summary
Agent-bom is an AI supply chain security scanner designed to identify vulnerabilities (CVEs) in packages and images while assessing configuration security risks, such as credential exposure, tool access, and privilege escalation. It automates blast radius mapping to trace vulnerabilities from packages to compromised AI agents, exposed credentials, and accessible tools, providing detailed insights into the potential business impact. Key capabilities include AI agent discovery, credential exposure analysis, malicious package detection, and compliance with frameworks like OWASP, MITRE ATLAS, and NIST AI RMF.
Release notes
What’s Changed
- fix: shorten MCP registry description to <=100 chars by @msaad00 in https://github.com/msaad00/agent-bom/pull/65
- fix: trim README to 2 diagrams — replace 9 with 1 clear workflow by @msaad00 in https://github.com/msaad00/agent-bom/pull/66
- fix: add explicit security boundaries to SKILL.md per ClawHub feedback by @msaad00 in https://github.com/msaad00/agent-bom/pull/67
- fix: update SVG diagrams — accuracy, text overflow, outdated counts by @msaad00 in https://github.com/msaad00/agent-bom/pull/68
- feat: Phase 2 API enhancements — proxy endpoints, scorecard, webhook by @msaad00 in https://github.com/msaad00/agent-bom/pull/69
- fix: update SVG diagrams for runtime proxy + API endpoints by @msaad00 in https://github.com/msaad00/agent-bom/pull/70
- feat: CLI verbose/no-color, LLM03 training data poisoning, RAG coverage by @msaad00 in https://github.com/msaad00/agent-bom/pull/71
- feat: agent lifecycle visualization + OWASP MCP compliance UI by @msaad00 in https://github.com/msaad00/agent-bom/pull/72
- feat: platform packaging — dashboard topology + Docker Compose by @msaad00 in https://github.com/msaad00/agent-bom/pull/73
- feat: agent fleet management with trust scoring by @msaad00 in https://github.com/msaad00/agent-bom/pull/74
- feat: gateway policies with runtime MCP enforcement by @msaad00 in https://github.com/msaad00/agent-bom/pull/75
- fix: compact CLI output — default scan is ~40 lines by @msaad00 in https://github.com/msaad00/agent-bom/pull/76
- fix: kill Streamlit — serve command starts API server by @msaad00 in https://github.com/msaad00/agent-bom/pull/77
- feat: interactive lineage graph — dagre layout, 6 node types by @msaad00 in https://github.com/msaad00/agent-bom/pull/78
- chore(deps): bump minimatch in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/79
- feat: agent mesh topology — shared servers, credential blast by @msaad00 in https://github.com/msaad00/agent-bom/pull/81
- feat: Snowflake table storage for all store protocols by @msaad00 in https://github.com/msaad00/agent-bom/pull/82
- feat: Snowpark Container Services + Streamlit in Snowflake dashboard by @msaad00 in https://github.com/msaad00/agent-bom/pull/83
- feat: Snowflake Native App packaging for Marketplace by @msaad00 in https://github.com/msaad00/agent-bom/pull/84
- release: v0.35.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/85
New Contributors
- @dependabot[bot] made their first contribution in https://github.com/msaad00/agent-bom/pull/79
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.34.0...v0.35.0