agent-bom Scan
Version updated for https://github.com/msaad00/agent-bom to version v0.70.8.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The agent-bom GitHub Action is a security scanner designed for AI infrastructure and supply chains. It automates the discovery, vulnerability scanning, blast radius mapping, and compliance analysis of AI agents, cloud services, and GPU resources, while proactively addressing risks such as credential leaks and compromised tools. Key capabilities include generating an AI Bill of Materials (BOM), identifying vulnerabilities across dependencies, enforcing runtime protection policies, and providing actionable insights into security posture.
Release notes
What’s Changed
- feat: SDK shared patterns.json + cross-language test fixtures by @msaad00 in https://github.com/msaad00/agent-bom/pull/753
- fix: MCP Registry description <= 100 chars by @msaad00 in https://github.com/msaad00/agent-bom/pull/754
- fix: move railway.json to project root — fix SSE deploy by @msaad00 in https://github.com/msaad00/agent-bom/pull/755
- feat: TypeScript runtime SDK — 7 MCP traffic detectors by @msaad00 in https://github.com/msaad00/agent-bom/pull/756
- chore(deps): bump pyjwt from 2.11.0 to 2.12.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/757
- fix: log warnings for skipped unknown/latest versions by @msaad00 in https://github.com/msaad00/agent-bom/pull/766
- fix: eliminate silent failures in scanner pipeline — comprehensive error logging by @msaad00 in https://github.com/msaad00/agent-bom/pull/767
- perf: batch DB lookups for local vulnerability scanning by @msaad00 in https://github.com/msaad00/agent-bom/pull/768
- fix: expand GHSA ingestion to all ecosystems by @msaad00 in https://github.com/msaad00/agent-bom/pull/769
- docs: add P0 issues section to CONTRIBUTING.md by @msaad00 in https://github.com/msaad00/agent-bom/pull/770
- feat: multi-hop blast radius with delegation chain tracking by @msaad00 in https://github.com/msaad00/agent-bom/pull/771
- feat: CWE enrichment from NVD weaknesses + skip optimization by @msaad00 in https://github.com/msaad00/agent-bom/pull/772
- feat: OS-level package vulnerability scanning — wire deb/rpm/apk into OSV by @msaad00 in https://github.com/msaad00/agent-bom/pull/773
- feat: NIST 800-53 Rev 5 + FedRAMP compliance frameworks by @msaad00 in https://github.com/msaad00/agent-bom/pull/774
- fix: address ClawHub security review — strengthen credential handling, remove cross-platform reads by @msaad00 in https://github.com/msaad00/agent-bom/pull/775
- fix: optimize deployment configs — Glama multi-stage build, Railway cold start by @msaad00 in https://github.com/msaad00/agent-bom/pull/776
- feat: IaC misconfiguration scanning — 37 rules across 4 formats by @msaad00 in https://github.com/msaad00/agent-bom/pull/777
- fix: clean –version output, update compliance count, fix demo tape by @msaad00 in https://github.com/msaad00/agent-bom/pull/778
- fix: update mcp-server help — list all 32 tools by @msaad00 in https://github.com/msaad00/agent-bom/pull/779
- fix: update stale counts across 25 files — compliance, cloud, tools by @msaad00 in https://github.com/msaad00/agent-bom/pull/780
- release: v0.70.8 — Ruby parser, GH Action inputs, ecosystem expansion by @msaad00 in https://github.com/msaad00/agent-bom/pull/781
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.70.8