This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+14 more
Summary
AI summaryAdded runtime version resolvers with drift detection and improved scanner robustness.
Full changelog
What's Changed
- refactor: consolidate test files — merge _cov2 pairs, standardize names by @msaad00 in https://github.com/msaad00/agent-bom/pull/571
- refactor: extract MCP tool logic into mcp_tools/ package by @msaad00 in https://github.com/msaad00/agent-bom/pull/572
- refactor: extract models and middleware from api/server.py by @msaad00 in https://github.com/msaad00/agent-bom/pull/585
- refactor: extract store globals into api/stores.py (Phase 3) by @msaad00 in https://github.com/msaad00/agent-bom/pull/588
- refactor: extract scan pipeline into api/pipeline.py (Phase 4) by @msaad00 in https://github.com/msaad00/agent-bom/pull/589
- refactor: extract 166 click options from cli/scan.py into cli/options.py by @msaad00 in https://github.com/msaad00/agent-bom/pull/591
- refactor: extract output format modules from output/init.py by @msaad00 in https://github.com/msaad00/agent-bom/pull/592
- refactor: extract config parsers from discovery/init.py by @msaad00 in https://github.com/msaad00/agent-bom/pull/593
- refactor: extract Python parsers from parsers/init.py by @msaad00 in https://github.com/msaad00/agent-bom/pull/594
- refactor: extract Node.js parsers into parsers/node_parsers.py by @msaad00 in https://github.com/msaad00/agent-bom/pull/597
- refactor: extract Go/Maven/Cargo/uvx parsers into compiled_parsers.py by @msaad00 in https://github.com/msaad00/agent-bom/pull/598
- refactor: extract compliance/posture routes into api/routes/compliance.py by @msaad00 in https://github.com/msaad00/agent-bom/pull/599
- docs: add Architecture Decision Records (ADRs) for contributors by @msaad00 in https://github.com/msaad00/agent-bom/pull/600
- feat: add runtime version resolvers and drift detection (P0 #562) by @msaad00 in https://github.com/msaad00/agent-bom/pull/601
- refactor: extract fleet + gateway routes into api/routes/ modules by @msaad00 in https://github.com/msaad00/agent-bom/pull/602
- refactor: extract proxy routes + WebSockets into api/routes/proxy.py by @msaad00 in https://github.com/msaad00/agent-bom/pull/611
- refactor: extract governance, enterprise, schedules, observability, assets routes by @msaad00 in https://github.com/msaad00/agent-bom/pull/612
- refactor: extract scan, discovery, connectors routes from server.py by @msaad00 in https://github.com/msaad00/agent-bom/pull/613
- feat: scanner robustness — PEP 503 normalization, configurable batching, unresolved warnings by @msaad00 in https://github.com/msaad00/agent-bom/pull/614
- fix: close scanner normalization gaps — false negatives in check, scan_agents, rescan by @msaad00 in https://github.com/msaad00/agent-bom/pull/615
- chore: bump version to 0.70.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/616
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.70.0
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
Related context
Related tools
Beta — feedback welcome: [email protected]