This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+14 more
Summary
AI summaryMinor fixes and improvements.
Full changelog
What's Changed
- fix: add Apache-2.0 license to MCP registry metadata by @msaad00 in https://github.com/msaad00/agent-bom/pull/504
- fix: update GitHub Action version in SVGs to v0.68.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/505
- fix: align PyPI description with actual stats by @msaad00 in https://github.com/msaad00/agent-bom/pull/506
- feat: Docker cross-platform hardening — multi-arch CI, Windows docs, SHA audit by @msaad00 in https://github.com/msaad00/agent-bom/pull/511
- docs: restructure README for PyPI readability by @msaad00 in https://github.com/msaad00/agent-bom/pull/512
- fix: final stale stats sweep — all diagrams, docs, and code aligned by @msaad00 in https://github.com/msaad00/agent-bom/pull/514
- feat: automated stats alignment CI test by @msaad00 in https://github.com/msaad00/agent-bom/pull/515
- feat: evidence-based MCP server trust scoring with CVE citations by @msaad00 in https://github.com/msaad00/agent-bom/pull/513
- chore: bump version to v0.68.1 by @msaad00 in https://github.com/msaad00/agent-bom/pull/516
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.68.1
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
Related context
Related tools
Beta — feedback welcome: [email protected]