Skip to content

msaad00/agent-bom

v0.34.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 3mo Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-agents ai-security ai-supply-chain aibom blast-radius cloud-security
+14 more
compliance container-security cyclonedx security kubernetes llm-security mcp mcp-server owasp sarif sbom security-scanner supply-chain-security vulnerability-scanning

Summary

AI summary

Added OWASP MCP Top 10 compliance mapping.

Full changelog

What's Changed

  • fix: resolve ClawHub suspicious rating + rebrand identity by @msaad00 in https://github.com/msaad00/agent-bom/pull/50
  • fix: improve OpenSSF Scorecard — signed releases, pinned deps, vuln fixes by @msaad00 in https://github.com/msaad00/agent-bom/pull/51
  • fix: allow jinja2/werkzeug licenses in dependency review by @msaad00 in https://github.com/msaad00/agent-bom/pull/52
  • feat: add OWASP MCP Top 10 compliance mapping by @msaad00 in https://github.com/msaad00/agent-bom/pull/53
  • feat: add malicious package detection (MAL- prefix + typosquat) by @msaad00 in https://github.com/msaad00/agent-bom/pull/54
  • feat: add OpenSSF Scorecard API enrichment by @msaad00 in https://github.com/msaad00/agent-bom/pull/55
  • feat: add visual storytelling SVG diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/56
  • feat: add AI infrastructure scanning profiles by @msaad00 in https://github.com/msaad00/agent-bom/pull/57
  • docs: overhaul documentation for new features by @msaad00 in https://github.com/msaad00/agent-bom/pull/58
  • feat: add runtime MCP traffic monitoring by @msaad00 in https://github.com/msaad00/agent-bom/pull/59
  • feat: enhance REST API with compliance and security endpoints by @msaad00 in https://github.com/msaad00/agent-bom/pull/60
  • feat: add runtime sidecar Docker container by @msaad00 in https://github.com/msaad00/agent-bom/pull/61
  • feat: add enterprise integrations (Jira, Slack, Vanta, Drata) by @msaad00 in https://github.com/msaad00/agent-bom/pull/62
  • fix: audit cleanup — wire integrations, update docs and metadata by @msaad00 in https://github.com/msaad00/agent-bom/pull/63
  • release: v0.34.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/64

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.33.0...v0.34.0

Security Fixes

  • OpenSSF Scorecard improvements: signed releases, pinned dependencies, vulnerability fixes
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track msaad00/agent-bom

Get notified when new releases ship.

Sign up free

About msaad00/agent-bom

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

All releases →

Related context

Beta — feedback welcome: [email protected]