agent-bom Scan

Version updated for https://github.com/msaad00/agent-bom to version v0.59.3.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Agent-bom is a security scanning tool designed for AI infrastructure that identifies vulnerabilities (CVEs), maps blast radius, detects credential exposure, and assesses the business impact of security risks across MCP agents, containers, Kubernetes, cloud environments, and GPU workloads. It automates the discovery of compromised AI agents, exposed credentials, and tools at risk, offering enriched insights with CVSS, EPSS, and CISA KEV data. Its key capabilities include comprehensive scanning, multi-platform support (Docker, Kubernetes, cloud, and AI models), and generating detailed reports to enhance security posture.

Release notes

What’s Changed

• fix: restrict release workflow to semver tags only by @msaad00 in https://github.com/msaad00/agent-bom/pull/270
• fix: polish blast radius and scan pipeline diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/271
• fix: P0 audit findings — Helm image repo, credential redaction by @msaad00 in https://github.com/msaad00/agent-bom/pull/272
• fix: audit hardening — tool count, log perms, SHA pin, CI matrix by @msaad00 in https://github.com/msaad00/agent-bom/pull/273
• fix: security hardening — DNS rebinding, sequence evasion, resource scanning, metrics auth by @msaad00 in https://github.com/msaad00/agent-bom/pull/281
• fix: SKILL.md VT heuristic + multi-stage Docker builds by @msaad00 in https://github.com/msaad00/agent-bom/pull/282
• chore: bump version to v0.59.3 by @msaad00 in https://github.com/msaad00/agent-bom/pull/283

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.59.3

• msaad00
• GitHub Actions