agent-bom Scan
Version updated for https://github.com/msaad00/agent-bom to version v0.36.1.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Action Summary
The GitHub Action “agent-bom” is an advanced AI supply chain security scanner designed to detect vulnerabilities (CVEs) in packages and images while assessing the broader security impacts, such as credential exposure, tool accessibility, and privilege risks. It automates the mapping of vulnerabilities to their potential blast radius, including affected agents, exposed credentials, and tools, providing comprehensive risk assessments and enterprise-focused remediation strategies. Key capabilities include compliance with multiple frameworks (e.g., OWASP, MITRE, NIST), malicious package detection, and integration with OpenSSF Scorecards for package health insights.
Release notes
What’s Changed
- fix: address ClawHub trust assessment feedback by @msaad00 in https://github.com/msaad00/agent-bom/pull/111
- feat: alert pipeline, runtime protection, multi-tenant fleet + v0.36.1 by @msaad00 in https://github.com/msaad00/agent-bom/pull/112
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.36.0...v0.36.1