Skip to content

msaad00/agent-bom

v0.74.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-agents ai-security ai-supply-chain aibom blast-radius cloud-security
+14 more
compliance container-security cyclonedx security kubernetes llm-security mcp mcp-server owasp sarif sbom security-scanner supply-chain-security vulnerability-scanning

Summary

AI summary

PCI DSS 4.0 compliance added and CLI architecture refactored to a unified agents command.

Full changelog

What's Changed

  • fix: update integration descriptions for v0.72.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/966
  • feat: 5-product CLI architecture + CycloneDX ML BOM + agent-shield deep defense by @msaad00 in https://github.com/msaad00/agent-bom/pull/967
  • fix: harden fleet min_trust filter for Python 3.14 compat by @msaad00 in https://github.com/msaad00/agent-bom/pull/969
  • fix: mock scan pipeline in API tests + graph-export and shield endpoints by @msaad00 in https://github.com/msaad00/agent-bom/pull/970
  • fix: suppress CVE-2026-33231 (nltk wordnet_app — not reachable) by @msaad00 in https://github.com/msaad00/agent-bom/pull/971
  • feat: v0.73.0 release prep — version bump, MCP graph tool, 27 E2E tests, docs by @msaad00 in https://github.com/msaad00/agent-bom/pull/972
  • feat: PII redaction + 110 security patterns for agent-shield by @msaad00 in https://github.com/msaad00/agent-bom/pull/973
  • feat: CLI architecture alignment — agents command, shield slim, clean command hierarchy by @msaad00 in https://github.com/msaad00/agent-bom/pull/974
  • docs: update all references from scan to agents command by @msaad00 in https://github.com/msaad00/agent-bom/pull/975
  • refactor: internal rename — cli/scan to cli/agents, aligned file names by @msaad00 in https://github.com/msaad00/agent-bom/pull/976
  • feat: 7 P0/P1 gap closures — AST scanner, Shield SDK, OCSF, secrets, red team by @msaad00 in https://github.com/msaad00/agent-bom/pull/985
  • docs: update README, descriptions, and integration metadata for v0.73.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/986
  • feat: PCI DSS 4.0 compliance + cloud-native SBOM pull by @msaad00 in https://github.com/msaad00/agent-bom/pull/987
  • fix: eliminate scanner false positives with version-range filtering by @msaad00 in https://github.com/msaad00/agent-bom/pull/988
  • fix: auto-detect ecosystem and scan both pypi+npm when ambiguous by @msaad00 in https://github.com/msaad00/agent-bom/pull/989
  • fix: scanner accuracy A+ — severity inference + actionable filtering by @msaad00 in https://github.com/msaad00/agent-bom/pull/990
  • feat: auto-run AST analysis + secret scanning in agents command by @msaad00 in https://github.com/msaad00/agent-bom/pull/991
  • fix: null safety across entire Next.js dashboard — 120 fixes by @msaad00 in https://github.com/msaad00/agent-bom/pull/992
  • feat: sidebar navigation + React Flow fix + HTML report redesign by @msaad00 in https://github.com/msaad00/agent-bom/pull/993
  • release: v0.74.0 — sidebar nav, CVE fixes, docs alignment by @msaad00 in https://github.com/msaad00/agent-bom/pull/994
  • fix: validate EPSS score range + KEV cache mypy fix by @msaad00 in https://github.com/msaad00/agent-bom/pull/995
  • fix: add SSRF + process spawn patterns — verified 112 count by @msaad00 in https://github.com/msaad00/agent-bom/pull/996
  • fix: align all docs and integrations to v0.74.0 by @msaad00 in https://github.com/msaad00/agent-bom/pull/997
  • feat: v0.74.0 demo GIF (high-res) by @msaad00 in https://github.com/msaad00/agent-bom/pull/998
  • fix: correct demo GIF + output format count (15 → 18) by @msaad00 in https://github.com/msaad00/agent-bom/pull/999
  • fix: demo shows full agent tree + blast radius (no --quiet) by @msaad00 in https://github.com/msaad00/agent-bom/pull/1000

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.74.0

Breaking Changes

  • Renamed cli/scan directory and associated files to cli/agents
  • Updated all documentation, integration metadata, and command references from "scan" to the new "agents" command

Security Fixes

  • Suppress CVE-2026-33231 (nltk wordnet_app — not reachable)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track msaad00/agent-bom

Get notified when new releases ship.

Sign up free

About msaad00/agent-bom

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

All releases →

Related context

Beta — feedback welcome: [email protected]