agent-bom Scan

Version updated for https://github.com/msaad00/agent-bom to version v0.74.1.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Agent-bom is a security scanning tool designed specifically for AI infrastructure and supply chains. It automates the discovery of AI agents, scans source code for vulnerabilities and exposed credentials, generates a comprehensive AI Bill of Materials (BOM), and maps the blast radius of security risks across dependencies, tools, and credentials. By integrating runtime enforcement capabilities and verifying supply chain integrity, it helps address critical security challenges in AI workflows and ecosystems.

Release notes

What’s Changed

• fix: MCP Registry description length (422 validation) by @msaad00 in https://github.com/msaad00/agent-bom/pull/1002
• Use pyproject.toml as source of truth for version in publish workflow by @andres-linero in https://github.com/msaad00/agent-bom/pull/1001
• Enterprise foundation: dev experience, scanner accuracy, bug fixes by @msaad00 in https://github.com/msaad00/agent-bom/pull/1003
• fix: runtime security + compliance wiring audit fixes by @msaad00 in https://github.com/msaad00/agent-bom/pull/1004
• feat: supply chain provenance + Go checksum DB + cloud timeout by @msaad00 in https://github.com/msaad00/agent-bom/pull/1005
• release: v0.74.1 — security hardening, compliance wiring, README overhaul by @msaad00 in https://github.com/msaad00/agent-bom/pull/1006
• chore: align Docker Hub + action.yml for v0.74.1 by @msaad00 in https://github.com/msaad00/agent-bom/pull/1007

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.74.1

• msaad00
• GitHub Actions