This release includes 1 security fix for security teams reviewing exposed deployments.
Summary
AI summary: Security hardening and compliance improvements were applied.
Full changelog
What's Changed
- fix: MCP Registry description length (422 validation) by @msaad00 in https://github.com/msaad00/agent-bom/pull/1002
- Use pyproject.toml as source of truth for version in publish workflow by @andres-linero in https://github.com/msaad00/agent-bom/pull/1001
- Enterprise foundation: dev experience, scanner accuracy, bug fixes by @msaad00 in https://github.com/msaad00/agent-bom/pull/1003
- fix: runtime security + compliance wiring audit fixes by @msaad00 in https://github.com/msaad00/agent-bom/pull/1004
- feat: supply chain provenance + Go checksum DB + cloud timeout by @msaad00 in https://github.com/msaad00/agent-bom/pull/1005
- release: v0.74.1 — security hardening, compliance wiring, README overhaul by @msaad00 in https://github.com/msaad00/agent-bom/pull/1006
- chore: align Docker Hub + action.yml for v0.74.1 by @msaad00 in https://github.com/msaad00/agent-bom/pull/1007
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.74.1
Security Fixes
- Security hardening applied to runtime security and compliance wiring audit fixes
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.