This release includes breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Summary
AI summary: Added AI component source scanning, DeepSeek detection, and multiple new output formats.
Full changelog
What's Changed
- fix: self-scan workflows use wrong CLI flags by @msaad00 in https://github.com/msaad00/agent-bom/pull/695
- chore: reorganize repo root — 19 dirs → 11, 38 files → 20 by @msaad00 in https://github.com/msaad00/agent-bom/pull/697
- fix: SEVERITY_ORDER missing UNKNOWN + CVSS 0.0 → none by @msaad00 in https://github.com/msaad00/agent-bom/pull/715
- fix: SARIF security-severity property + UNKNOWN→note by @msaad00 in https://github.com/msaad00/agent-bom/pull/716
- feat: GitHub Action — 5 improvements (output, warn, auto-db, PR comment, badge) by @msaad00 in https://github.com/msaad00/agent-bom/pull/717
- feat: CLI scan — --db-source, --auto-update-db=ON, --offline by @msaad00 in https://github.com/msaad00/agent-bom/pull/718
- feat: MCP scan — auto_update_db, db_sources, format + isError pattern by @msaad00 in https://github.com/msaad00/agent-bom/pull/719
- fix: Docker SSE healthcheck, policy field validation, expanded dogfood CI by @msaad00 in https://github.com/msaad00/agent-bom/pull/720
- fix: scanner core gaps — conda resolution, npm semver, SARIF enrichment by @msaad00 in https://github.com/msaad00/agent-bom/pull/731
- feat: CWE enrichment — OSV extraction, universal compliance tagging, DB schema v2 by @msaad00 in https://github.com/msaad00/agent-bom/pull/734
- fix: ClawHub skill accuracy — resolve compliance contradictions, align metadata by @msaad00 in https://github.com/msaad00/agent-bom/pull/735
- feat: add JUnit XML, CSV, and Markdown output formats by @msaad00 in https://github.com/msaad00/agent-bom/pull/743
- release: v0.70.7 — AI BOM positioning, output formats, README revamp by @msaad00 in https://github.com/msaad00/agent-bom/pull/744
- feat: AI component source scanning — detect SDK imports, shadow AI, deprecated models by @msaad00 in https://github.com/msaad00/agent-bom/pull/745
- feat: DeepSeek detection + GlassWorm invisible Unicode defense by @msaad00 in https://github.com/msaad00/agent-bom/pull/746
- feat: AI inventory Rich table + JSON/HTML/SARIF export by @msaad00 in https://github.com/msaad00/agent-bom/pull/747
- fix: AI inventory end-to-end in CLI output by @msaad00 in https://github.com/msaad00/agent-bom/pull/748
- feat: CLI UX — progress bar, timing breakdown, next-steps suggestions by @msaad00 in https://github.com/msaad00/agent-bom/pull/749
- fix: update MCP tool count 31→32 across all surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/750
- fix: deploy-mcp-sse checkout release tag + freshness guard by @msaad00 in https://github.com/msaad00/agent-bom/pull/751
- chore: v0.70.7 demo GIF + version alignment by @msaad00 in https://github.com/msaad00/agent-bom/pull/752
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.70.7
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.