This release adds 4 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+14 more
Summary
AI summaryAdded weekly uv.lock upgrade workflow and new AI/GPU infrastructure scanning capabilities.
Full changelog
What's Changed
- fix: update test SBOM fixture to non-vulnerable package versions by @msaad00 in https://github.com/msaad00/agent-bom/pull/373
- fix: pin all dependencies by hash for OpenSSF Scorecard by @msaad00 in https://github.com/msaad00/agent-bom/pull/374
- feat: weekly uv.lock upgrade workflow by @msaad00 in https://github.com/msaad00/agent-bom/pull/375
- fix+feat: accuracy fixes + EPSS×CVSS risk map + Compound Issues cards by @msaad00 in https://github.com/msaad00/agent-bom/pull/376
- feat: AI infra/GPU coverage, author name, Wiz-style nav risk badges by @msaad00 in https://github.com/msaad00/agent-bom/pull/377
- feat: GPU/AI compute infra scanner — Docker, K8s, DCGM (closes #309) by @msaad00 in https://github.com/msaad00/agent-bom/pull/378
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.63.0
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
Related context
Related tools
Beta — feedback welcome: [email protected]