agent-bom Scan
Version updated for https://github.com/msaad00/agent-bom to version v0.64.0.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Action Summary
Agent-bom is a security scanner and runtime enforcement proxy designed for AI infrastructure. It identifies vulnerabilities (CVEs), detects credential leaks, assesses attack blast radius, and audits instruction files for malicious patterns. Additionally, it enforces security policies in real time by intercepting traffic, making it a comprehensive tool for securing AI systems and mitigating risks.
Release notes
What’s Changed
- feat: dynamic MITRE ATT&CK mapping via STIX + CWE bridge by @msaad00 in https://github.com/msaad00/agent-bom/pull/386
- docs: align all description surfaces to one canonical message by @msaad00 in https://github.com/msaad00/agent-bom/pull/393
- feat: agent identity (#388), semantic injection (#387), HF model hashes (#389) by @msaad00 in https://github.com/msaad00/agent-bom/pull/394
- ci: scope fuzz workflow to fuzz/** only by @msaad00 in https://github.com/msaad00/agent-bom/pull/395
- feat: zero-trust auth model — SSO default, no passwords stored by @msaad00 in https://github.com/msaad00/agent-bom/pull/396
- docs: promote proxy+scanner equally, fix roadmap accuracy by @msaad00 in https://github.com/msaad00/agent-bom/pull/397
- security: harden proxy message size + expand Trust section by @msaad00 in https://github.com/msaad00/agent-bom/pull/398
- chore: bump version to v0.63.2 by @msaad00 in https://github.com/msaad00/agent-bom/pull/399
- feat: JWKS signature verification + .agent-bom.yaml project config by @msaad00 in https://github.com/msaad00/agent-bom/pull/400
- chore: bump version to v0.63.3 by @msaad00 in https://github.com/msaad00/agent-bom/pull/401
- feat: standalone introspect command + WebSocket live metrics + protect_cmd config wiring by @msaad00 in https://github.com/msaad00/agent-bom/pull/402
- fix: WebSocket auth + O(1) deque ring buffer + AI enrichment call cap by @msaad00 in https://github.com/msaad00/agent-bom/pull/403
- fix: Next.js API proxy + JSON import + Streamlit treemap + demo agent_type by @msaad00 in https://github.com/msaad00/agent-bom/pull/410
- feat: Next.js Insights page — supply chain treemap, blast radius radial, pipeline flow by @msaad00 in https://github.com/msaad00/agent-bom/pull/411
- fix: validate + sanitize JSON report upload by @msaad00 in https://github.com/msaad00/agent-bom/pull/413
- feat: UI charts, retry buttons, treemap drill-down + OSS hardening by @msaad00 in https://github.com/msaad00/agent-bom/pull/414
- fix: pin transitive CVEs + slowloris hardening by @msaad00 in https://github.com/msaad00/agent-bom/pull/415
- feat: fullstack deploy guide + MCP tool titles by @msaad00 in https://github.com/msaad00/agent-bom/pull/416
- fix: MITRE offline fallback + obfuscated credential detection by @msaad00 in https://github.com/msaad00/agent-bom/pull/417
- feat: browser extension discovery (--browser-extensions) by @msaad00 in https://github.com/msaad00/agent-bom/pull/422
- chore: bump version to v0.64.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/423
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.63.1...v0.64.0