agent-bom Scan
Version updated for https://github.com/msaad00/agent-bom to version v0.75.12.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Action Summary
The agent-bom GitHub Action is a security analysis tool designed to assess the blast radius of vulnerabilities in AI agent infrastructures. It extends traditional CVE scanning by mapping vulnerabilities to their potential impact on credentials, tools, and runtime environments, offering CWE-aware impact classification. This action automates tasks such as dependency scanning, AI agent discovery, infrastructure analysis, and security posture reporting, providing actionable insights to bolster security and trust in agentic systems.
What’s Changed
- Fix post-release hygiene: uv.lock, demo, dist cleanup by @msaad00 in https://github.com/msaad00/agent-bom/pull/1128
- Fix self-scan, provenance export, and release surface alignment by @msaad00 in https://github.com/msaad00/agent-bom/pull/1129
- feat(cli): add first-class skills scan and verify by @msaad00 in https://github.com/msaad00/agent-bom/pull/1139
- chore(deps): bump dependabot/fetch-metadata from 2.5.0 to 3.0.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1138
- chore(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1132
- chore(deps): bump recharts from 3.8.0 to 3.8.1 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1136
- chore(deps): bump @xyflow/react from 12.10.1 to 12.10.2 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1134
- chore(deps): bump @dagrejs/dagre from 2.0.4 to 3.0.0 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1133
- chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1131
- chore(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1130
- Fix filesystem scan output credibility by @msaad00 in https://github.com/msaad00/agent-bom/pull/1140
- Improve advisory labeling and resolver continuity by @msaad00 in https://github.com/msaad00/agent-bom/pull/1141
- Add live MCP tool capability risk scoring by @msaad00 in https://github.com/msaad00/agent-bom/pull/1142
- Harden npm version resolution backpressure by @msaad00 in https://github.com/msaad00/agent-bom/pull/1143
- Align CLI first-run and quickstart surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/1144
- Polish dashboard hero and graph visuals by @msaad00 in https://github.com/msaad00/agent-bom/pull/1145
- Tighten remediation JSON and posture messaging by @msaad00 in https://github.com/msaad00/agent-bom/pull/1146
- fix(ui): align eslint with next peer range by @msaad00 in https://github.com/msaad00/agent-bom/pull/1147
- fix(scorecard): resolve source metadata before enrichment by @msaad00 in https://github.com/msaad00/agent-bom/pull/1148
- chore: prepare 0.75.12 release by @msaad00 in https://github.com/msaad00/agent-bom/pull/1149
- fix: close final 0.75.12 carry-forwards by @msaad00 in https://github.com/msaad00/agent-bom/pull/1150
- docs: polish release audit cosmetics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1151
- docs: sharpen CI/CD and enterprise adoption paths by @msaad00 in https://github.com/msaad00/agent-bom/pull/1152
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.75.12