msaad00/agent-bom

v0.62.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

✓ No known CVEs patched

Topics

ai-agents ai-security ai-supply-chain aibom blast-radius cloud-security compliance container-security cyclonedx security kubernetes llm-security mcp mcp-server owasp sarif sbom security-scanner supply-chain-security vulnerability-scanning

Summary

AI summary

Graph export CLI, OIDC/SSO auth, Pinecone cloud vector DB scanning added.

Full changelog

What's Changed

  • feat: rescan — remediation verification command (enterprise closed loop) by @msaad00 in https://github.com/msaad00/agent-bom/pull/339
  • feat: poetry.lock, uv.lock, conda env.yml, pnpm-lock.yaml parsers — full package manager interop by @msaad00 in https://github.com/msaad00/agent-bom/pull/340
  • feat: yarn.lock parser — Classic v1 and Berry v2/v3, completes Node package manager coverage by @msaad00 in https://github.com/msaad00/agent-bom/pull/341
  • feat: project-mode package scan + SBOM source attribution by @msaad00 in https://github.com/msaad00/agent-bom/pull/342
  • feat: native disk snapshot scan + pip environment parser by @msaad00 in https://github.com/msaad00/agent-bom/pull/343
  • feat: MITRE ATT&CK Enterprise blast radius mapping via CWE IDs by @msaad00 in https://github.com/msaad00/agent-bom/pull/344
  • feat: process and container MCP server discovery (#304 #305) by @msaad00 in https://github.com/msaad00/agent-bom/pull/345
  • chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/346
  • chore(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/347
  • chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/348
  • chore(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.35.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/349
  • chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/350
  • feat: policy action='jira' for policy-driven Jira ticket creation (#279) by @msaad00 in https://github.com/msaad00/agent-bom/pull/351
  • feat: SIEM push — wire scan findings to Splunk/Datadog/Elasticsearch (#277) by @msaad00 in https://github.com/msaad00/agent-bom/pull/352
  • chore: bump version to v0.60.3 by @msaad00 in https://github.com/msaad00/agent-bom/pull/353
  • feat: post-discovery MCP server health checks (#306) by @msaad00 in https://github.com/msaad00/agent-bom/pull/354
  • feat: Kubernetes MCP pod/CRD discovery (#307) by @msaad00 in https://github.com/msaad00/agent-bom/pull/355
  • feat: auto-configure agent-bom proxy per discovered MCP server (#302) by @msaad00 in https://github.com/msaad00/agent-bom/pull/356
  • chore: bump version to v0.61.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/357
  • chore(deps): bump actions/upload-pages-artifact from 3.0.1 to 4.0.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/358
  • chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/359
  • chore(deps-dev): bump tailwindcss from 4.2.0 to 4.2.1 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/360
  • chore(deps): bump actions/setup-python from 5.6.0 to 6.2.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/361
  • chore(deps): bump google/clusterfuzzlite from 82652fb49e77bc29c35da1167bb286e93c6bcc05 to 884713a6c30a92e5e8544c39945cd7cb630abcd1 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/362
  • chore(deps-dev): bump eslint from 9.39.2 to 10.0.3 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/363
  • chore(deps-dev): bump @tailwindcss/postcss from 4.2.0 to 4.2.1 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/364
  • chore(deps): bump lucide-react from 0.575.0 to 0.577.0 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/365
  • chore(deps): bump react-dom from 19.2.3 to 19.2.4 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/366
  • feat: graph export CLI, OIDC/SSO auth, Pinecone cloud vector DB scanning by @msaad00 in https://github.com/msaad00/agent-bom/pull/367
  • chore: bump version to v0.62.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/368
  • fix: sync react and react-dom to 19.2.4 by @msaad00 in https://github.com/msaad00/agent-bom/pull/369

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.62.0

About msaad00/agent-bom

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
