agent-bom Scan

Version updated for https://github.com/msaad00/agent-bom to version v0.76.0.

• This action is used across all versions by 0 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

agent-bom is an open-source security scanner and graphing tool for agent-based infrastructures, enabling users to map vulnerabilities and their downstream impact across packages, Multi-Agent Control Protocol (MCP) servers, AI agents, credentials, and runtime tools. It automates the discovery of security risks and visualizes the “blast radius” of vulnerabilities, providing actionable insights into their potential reach and impact. Key functionalities include runtime inspection, impact classification, API integration, and comprehensive reporting, making security and visibility accessible without enterprise-level resources.

What’s Changed

What’s Changed

• feat(api): polish distributed tracing headers by @msaad00 in https://github.com/msaad00/agent-bom/pull/1246
• feat(ci): guard JS supply chain surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/1248
• chore(deps-dev): bump @types/node from 25.5.0 to 25.5.2 in /sdks/typescript by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1249
• chore(deps-dev): bump typescript from 5.9.3 to 6.0.2 in /sdks/typescript by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1250
• feat(skills): resolve JS import aliases in code analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1251
• feat(api): expose tracing health and baggage by @msaad00 in https://github.com/msaad00/agent-bom/pull/1252
• feat(scan): surface project lockfile inventory by @msaad00 in https://github.com/msaad00/agent-bom/pull/1253
• feat(scan): expose model supply-chain coverage by @msaad00 in https://github.com/msaad00/agent-bom/pull/1254
• feat(scan): surface model bundle lineage by @msaad00 in https://github.com/msaad00/agent-bom/pull/1255
• feat(api): make ClickHouse analytics a first-class backend by @msaad00 in https://github.com/msaad00/agent-bom/pull/1256
• feat(scan): surface advisory depth for project inventory by @msaad00 in https://github.com/msaad00/agent-bom/pull/1257
• feat(verify): add model weight verification CLI by @msaad00 in https://github.com/msaad00/agent-bom/pull/1258
• feat(report): diff external sboms against scans by @msaad00 in https://github.com/msaad00/agent-bom/pull/1259
• feat(scan): expose advisory source attribution by @msaad00 in https://github.com/msaad00/agent-bom/pull/1260
• docs(enterprise): map claims to controls and community paths by @msaad00 in https://github.com/msaad00/agent-bom/pull/1261
• docs(community): publish Discord support link by @msaad00 in https://github.com/msaad00/agent-bom/pull/1262
• docs(demo): refresh storefront hero surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/1265
• feat(clickhouse): persist API scan analytics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1266
• chore(deps): bump vite from 8.0.1 to 8.0.5 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1270
• chore: weekly uv.lock upgrade 2026-04-06 by @github-actions[bot] in https://github.com/msaad00/agent-bom/pull/1267
• chore: sync MCP registry — 0 new, 0 from toolhive, 9 versions, 0 CVE-enriched by @github-actions[bot] in https://github.com/msaad00/agent-bom/pull/1269
• ci: sign automation update commits by @msaad00 in https://github.com/msaad00/agent-bom/pull/1271
• feat(clickhouse): add fleet compliance and audit analytics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1272
• docs: sharpen release surfaces and graph focus by @msaad00 in https://github.com/msaad00/agent-bom/pull/1273
• fix(docs): remove stray readme conflict marker by @msaad00 in https://github.com/msaad00/agent-bom/pull/1275
• feat(cli): add standalone remediate command by @msaad00 in https://github.com/msaad00/agent-bom/pull/1276
• refactor(cli): extract shared scan runner from remediate by @msaad00 in https://github.com/msaad00/agent-bom/pull/1278
• feat(graph): collapse CVEs behind package summaries by @msaad00 in https://github.com/msaad00/agent-bom/pull/1279
• chore(deps-dev): bump jsdom from 29.0.1 to 29.0.2 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1280
• [codex] add js ts ast fallback analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1282
• feat(graph): unified OCSF-aligned graph schema with persistence by @msaad00 in https://github.com/msaad00/agent-bom/pull/1283
• feat(graph): unified OCSF-aligned graph schema, pipeline wiring, query endpoints by @msaad00 in https://github.com/msaad00/agent-bom/pull/1284
• [codex] fix CI Railway health probes for deployment drift checks by @msaad00 in https://github.com/msaad00/agent-bom/pull/1285
• feat(graph): full inventory builder + Wave 1 enhancements by @msaad00 in https://github.com/msaad00/agent-bom/pull/1286
• feat: advance AST and SAST analysis paths by @msaad00 in https://github.com/msaad00/agent-bom/pull/1287
• feat(graph): Wave 1 — reverse queries, impact, search, runtime edges, full entity model by @msaad00 in https://github.com/msaad00/agent-bom/pull/1288
• feat(graph): Wave 2-3 — pagination, RBAC, presets, webhooks, OCSF enrichment by @msaad00 in https://github.com/msaad00/agent-bom/pull/1289
• feat: deepen AST taint and control-flow analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1290
• chore(deps-dev): bump vitest from 4.1.2 to 4.1.3 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1291
• chore(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1292
• harden unified graph snapshot persistence and report ingestion by @msaad00 in https://github.com/msaad00/agent-bom/pull/1293
• fix concurrent scanner state and scan cache access by @msaad00 in https://github.com/msaad00/agent-bom/pull/1294
• feat(graph): move graph page onto unified graph api by @msaad00 in https://github.com/msaad00/agent-bom/pull/1295
• feat(graph): add server-backed explorer controls by @msaad00 in https://github.com/msaad00/agent-bom/pull/1296
• feat(graph): add attack-path drilldown and unify security route by @msaad00 in https://github.com/msaad00/agent-bom/pull/1297
• chore: tighten release claims and bump cryptography by @msaad00 in https://github.com/msaad00/agent-bom/pull/1298
• feat(graph): add postgres graph store backend by @msaad00 in https://github.com/msaad00/agent-bom/pull/1299
• feat(graph): deliver delta alerts and tighten claims by @msaad00 in https://github.com/msaad00/agent-bom/pull/1300
• perf: speed graph search and harden security coverage by @msaad00 in https://github.com/msaad00/agent-bom/pull/1301
• feat: deepen AST and SAST analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1302
• feat: deepen Go AST and custom SAST workflows by @msaad00 in https://github.com/msaad00/agent-bom/pull/1303
• feat: expand first-party AST security heuristics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1304
• fix: harden graph delta delivery and path semantics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1305
• feat: deepen AST cross-file and flow heuristics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1306
• feat: deepen JS/TS AST interprocedural analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1307
• feat: add JS/TS taint-aware interprocedural flows by @msaad00 in https://github.com/msaad00/agent-bom/pull/1309
• feat: add Go AST cross-file taint analysis by @msaad00 in https://github.com/msaad00/agent-bom/pull/1310
• fix: harden CodeQL SARIF upload path by @msaad00 in https://github.com/msaad00/agent-bom/pull/1311
• docs: align README with current product path by @msaad00 in https://github.com/msaad00/agent-bom/pull/1312
• feat: add per-layer CVE attribution for container images by @msaad00 in https://github.com/msaad00/agent-bom/pull/1315
• feat: add PDF export for scan reports by @msaad00 in https://github.com/msaad00/agent-bom/pull/1316
• polish: tighten README visuals and demo scan output by @msaad00 in https://github.com/msaad00/agent-bom/pull/1317
• release: prepare 0.76.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/1318
• fix: replace PDF renderer with built-in export by @msaad00 in https://github.com/msaad00/agent-bom/pull/1319

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.76.0

• msaad00
• GitHub Actions