agent-bom Scan
Version updated for https://github.com/msaad00/agent-bom to version v0.84.6.
- This action is used across all versions by 0 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
Agent-bom is a security scanning tool designed for analyzing vulnerabilities across the AI supply chain and infrastructure, including agents, MCP servers, packages, containers, and cloud platforms. It automates the detection of CVEs (Common Vulnerabilities and Exposures) and provides actionable remediation insights by tracing the blast radius of vulnerabilities, from specific packages to exposed credentials and tools. This helps organizations identify and mitigate security risks effectively within complex AI ecosystems.
What’s Changed
- chore: scrub tool-credit phrasing from regression-test docstring by @msaad00 in https://github.com/msaad00/agent-bom/pull/2180
- feat(cli): startup banner, findings header label, severity-breakdown closer, OSV-first GHSA UX by @msaad00 in https://github.com/msaad00/agent-bom/pull/2181
- fix(version-utils): handle npm SemVer pre-release tags in version compare by @msaad00 in https://github.com/msaad00/agent-bom/pull/2182
- feat(cli): route scanner warnings through Rich during progress to stop spinner stacking by @msaad00 in https://github.com/msaad00/agent-bom/pull/2183
- feat(cli): verdict-led compact posture summary, full panel behind --verbose by @msaad00 in https://github.com/msaad00/agent-bom/pull/2184
- fix(cli): use Severity.value so the scan-complete severity closer renders content by @msaad00 in https://github.com/msaad00/agent-bom/pull/2185
- chore: prepare v0.84.6 release by @msaad00 in https://github.com/msaad00/agent-bom/pull/2186
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.84.5...v0.84.6