This release adds 6 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: Native-first scanning eliminates the need for Grype, Syft, or Trivy.
Full changelog
What's Changed
- docs: v0.70.8 demo GIF — 1400x800 high resolution by @msaad00 in https://github.com/msaad00/agent-bom/pull/782
- fix: compliance SVG 10→13 frameworks + Ruby in README by @msaad00 in https://github.com/msaad00/agent-bom/pull/788
- fix: OpenSSF Scorecard — upgrade flatted, suppress false positives, tighten permissions by @msaad00 in https://github.com/msaad00/agent-bom/pull/789
- feat: update tagline — "Security scanner for AI infrastructure" by @msaad00 in https://github.com/msaad00/agent-bom/pull/806
- feat: severity badges with background colors + visual hierarchy by @msaad00 in https://github.com/msaad00/agent-bom/pull/807
- feat: compact output — remove banner, progressive disclosure by @msaad00 in https://github.com/msaad00/agent-bom/pull/808
- fix: add npm audit to CI + release gate by @msaad00 in https://github.com/msaad00/agent-bom/pull/809
- docs: add mkdocstrings API reference by @msaad00 in https://github.com/msaad00/agent-bom/pull/810
- docs: enterprise security architecture by @msaad00 in https://github.com/msaad00/agent-bom/pull/811
- perf: parallel enrichment — EPSS + KEV + NVD concurrent by @msaad00 in https://github.com/msaad00/agent-bom/pull/812
- feat: show direct vs transitive deps in scan output by @msaad00 in https://github.com/msaad00/agent-bom/pull/813
- perf: optimize CI — drop 3.12, add 3.14, defer Docker/self-scan by @msaad00 in https://github.com/msaad00/agent-bom/pull/814
- feat: PHP Composer parser — composer.lock + composer.json by @msaad00 in https://github.com/msaad00/agent-bom/pull/815
- feat: Swift Package Manager parser — Package.resolved v2/v3 by @msaad00 in https://github.com/msaad00/agent-bom/pull/816
- fix: repo alignment — stale versions, SVG counts, Snowflake clarity by @msaad00 in https://github.com/msaad00/agent-bom/pull/817
- fix: remove Snowflake deployment row from README by @msaad00 in https://github.com/msaad00/agent-bom/pull/818
- fix: deduplicate PYSEC/GHSA/CVE aliases — unique CVEs only by @msaad00 in https://github.com/msaad00/agent-bom/pull/819
- fix: canonicalize vuln IDs to CVE — prefer CVE-xxxx over GHSA/PYSEC by @msaad00 in https://github.com/msaad00/agent-bom/pull/820
- chore: remove 29 unused SVG diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/821
- feat: native-first scanning — no Grype/Syft/Trivy required by @msaad00 in https://github.com/msaad00/agent-bom/pull/822
- perf: scan speed optimizations + dependency-review license fix by @msaad00 in https://github.com/msaad00/agent-bom/pull/823
- feat: auto-discover MCP configs inside --filesystem paths by @msaad00 in https://github.com/msaad00/agent-bom/pull/824
- fix: add mypy to pre-commit hooks by @msaad00 in https://github.com/msaad00/agent-bom/pull/825
- chore: bump version to v0.70.9 by @msaad00 in https://github.com/msaad00/agent-bom/pull/826
- docs: v0.70.9 demo GIF by @msaad00 in https://github.com/msaad00/agent-bom/pull/828
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.70.9
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.