This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+14 more
Summary
AI summarySecurity hardening and stale reference cleanup were implemented.
Full changelog
What's Changed
- fix: remove cve-freshness SARIF upload causing 'config not found' on PRs by @msaad00 in https://github.com/msaad00/agent-bom/pull/222
- fix: correct test count and policy conditions claims by @msaad00 in https://github.com/msaad00/agent-bom/pull/223
- fix: remove dogfood SARIF upload causing 'config not found' on PRs by @msaad00 in https://github.com/msaad00/agent-bom/pull/224
- feat: enrichment improvements — CVSS v4.0, EPSS freshness, ignore file, coverage gate by @msaad00 in https://github.com/msaad00/agent-bom/pull/225
- release: v0.59.0 — enrichment improvements, ClawHub trust transparency by @msaad00 in https://github.com/msaad00/agent-bom/pull/226
- fix: security hardening + stale ref cleanup (#213) by @msaad00 in https://github.com/msaad00/agent-bom/pull/227
- fix: pre-release audit — version alignment, CI/CD hardening, upgrade docs (#228) by @msaad00 in https://github.com/msaad00/agent-bom/pull/228
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.58.1...v0.59.0
Security Fixes
- Security hardening and stale reference cleanup implemented (#213)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
Related context
Related tools
Beta — feedback welcome: [email protected]