agent-bom Scan
Version updated for https://github.com/msaad00/agent-bom to version v0.78.0.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
Agent-BOM is an open-source security scanner designed to analyze the AI supply chain, including agents, MCP servers, packages, containers, cloud infrastructure, GPUs, and runtime environments. It automates the identification of vulnerabilities (CVEs) and their associated blast radius, mapping risks from specific packages to exposed credentials, tools, and infrastructure dependencies. The tool provides actionable recommendations for remediation, helping users secure their AI stack efficiently and comprehensively.
What’s Changed
What’s Changed
- Prepare 0.77.0 release by @msaad00 in https://github.com/msaad00/agent-bom/pull/1497
- Correct release to 0.77.1 by @msaad00 in https://github.com/msaad00/agent-bom/pull/1498
- Phase 0+1 hardening: rotation, drain, webhook retry, README + visuals by @msaad00 in https://github.com/msaad00/agent-bom/pull/1499
- Add backup-restore round-trip CI workflow by @msaad00 in https://github.com/msaad00/agent-bom/pull/1500
- Add tenant_id column to ClickHouse analytics for row-level isolation by @msaad00 in https://github.com/msaad00/agent-bom/pull/1501
- Add /v1/auth/debug for auth-method introspection by @msaad00 in https://github.com/msaad00/agent-bom/pull/1502
- Add MCP tool-schema validation rule catalog (OWASP-mapped) by @msaad00 in https://github.com/msaad00/agent-bom/pull/1507
- Tighten README diagrams + document the visual language by @msaad00 in https://github.com/msaad00/agent-bom/pull/1503
- Add /v1/compliance/{framework}/report signed evidence bundle endpoint by @msaad00 in https://github.com/msaad00/agent-bom/pull/1504
- Add docs/DATA_MODEL.md \u2014 single atlas for canonical model + DB + outputs by @msaad00 in https://github.com/msaad00/agent-bom/pull/1505
- Update dashboard description for the Risk overview redesign by @msaad00 in https://github.com/msaad00/agent-bom/pull/1506
- Add bounded depth cap to inter-procedural taint analyzer by @msaad00 in https://github.com/msaad00/agent-bom/pull/1508
- Restructure README EKS section + prune redundant topology SVG by @msaad00 in https://github.com/msaad00/agent-bom/pull/1510
- Harden compliance report (replay protection) + broaden LLM05 supply-chain tag by @msaad00 in https://github.com/msaad00/agent-bom/pull/1509
- Fresh screenshots: demo GIF + dashboard PNG (recorded locally) by @msaad00 in https://github.com/msaad00/agent-bom/pull/1511
- Add structured remediation field to CIS benchmark checks (#665 infra) by @msaad00 in https://github.com/msaad00/agent-bom/pull/1512
- Document and enforce OCSF boundary (optional SIEM interop) by @msaad00 in https://github.com/msaad00/agent-bom/pull/1513
- Wire CIS remediation through CLI, HTML, and SARIF (#665) by @msaad00 in https://github.com/msaad00/agent-bom/pull/1517
- Add exploit_likelihood graded signal (EPSS + KEV) — closes #486 by @msaad00 in https://github.com/msaad00/agent-bom/pull/1518
- Wire MCP schema rule findings and harden chart defaults by @msaad00 in https://github.com/msaad00/agent-bom/pull/1519
- chore(release): backfill 0.77.0/0.77.1 CHANGELOG + align tools.json with 36 MCP decorators by @msaad00 in https://github.com/msaad00/agent-bom/pull/1523
- ux(cli): polish Fix First output — spacing + $ command prefix by @msaad00 in https://github.com/msaad00/agent-bom/pull/1524
- ux(dashboard): section headers + collapsibles on Risk overview page by @msaad00 in https://github.com/msaad00/agent-bom/pull/1525
- chore(docs): replace vendor names with generic language in published docs by @msaad00 in https://github.com/msaad00/agent-bom/pull/1526
- chore(skills): align openclaw SKILL.md with on-disk sub-skills + 36-tool catalog by @msaad00 in https://github.com/msaad00/agent-bom/pull/1527
- security(oci): harden tar-member safety against traversal + symlink attacks by @msaad00 in https://github.com/msaad00/agent-bom/pull/1528
- docs: sharpen self-hosted deployment story by @msaad00 in https://github.com/msaad00/agent-bom/pull/1529
- fix: speed up demo scan path and polish check output by @msaad00 in https://github.com/msaad00/agent-bom/pull/1530
- fix: restore inventory schema validation path by @msaad00 in https://github.com/msaad00/agent-bom/pull/1531
- fix: enforce end-to-end inventory and graph contracts by @msaad00 in https://github.com/msaad00/agent-bom/pull/1532
- release: wrap v0.78.0 stabilization by @msaad00 in https://github.com/msaad00/agent-bom/pull/1533
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.77.0...v0.78.0