This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+14 more
Summary
AI summaryAdded registry CVE enrichment with OSV, EPSS, and CISA KEV.
Full changelog
What's Changed
- fix: sync stale tool/client counts across docs and diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/203
- feat: registry CVE enrichment via OSV + EPSS + CISA KEV by @msaad00 in https://github.com/msaad00/agent-bom/pull/204
- fix: azure-mgmt-machinelearningservices >=2.0 → >=1.0 (unresolvable) by @msaad00 in https://github.com/msaad00/agent-bom/pull/205
- feat: platform hardening — logging, pre-install guard, Glama sync, mode diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/206
- release: v0.56.0 — version alignment, README refresh, new features by @msaad00 in https://github.com/msaad00/agent-bom/pull/207
- fix: Glama license detection + ClawHub trust transparency by @msaad00 in https://github.com/msaad00/agent-bom/pull/208
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.55.0...v0.56.0
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
Related context
Related tools
Beta — feedback welcome: [email protected]