This release adds 1 notable feature for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: Minor fixes and improvements.
Full changelog
What's Changed
- Fix post-release hygiene: uv.lock, demo, dist cleanup by @msaad00 in https://github.com/msaad00/agent-bom/pull/1128
- Fix self-scan, provenance export, and release surface alignment by @msaad00 in https://github.com/msaad00/agent-bom/pull/1129
- feat(cli): add first-class skills scan and verify by @msaad00 in https://github.com/msaad00/agent-bom/pull/1139
- chore(deps): bump dependabot/fetch-metadata from 2.5.0 to 3.0.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1138
- chore(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1132
- chore(deps): bump recharts from 3.8.0 to 3.8.1 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1136
- chore(deps): bump @xyflow/react from 12.10.1 to 12.10.2 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1134
- chore(deps): bump @dagrejs/dagre from 2.0.4 to 3.0.0 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1133
- chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1131
- chore(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1130
- Fix filesystem scan output credibility by @msaad00 in https://github.com/msaad00/agent-bom/pull/1140
- Improve advisory labeling and resolver continuity by @msaad00 in https://github.com/msaad00/agent-bom/pull/1141
- Add live MCP tool capability risk scoring by @msaad00 in https://github.com/msaad00/agent-bom/pull/1142
- Harden npm version resolution backpressure by @msaad00 in https://github.com/msaad00/agent-bom/pull/1143
- Align CLI first-run and quickstart surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/1144
- Polish dashboard hero and graph visuals by @msaad00 in https://github.com/msaad00/agent-bom/pull/1145
- Tighten remediation JSON and posture messaging by @msaad00 in https://github.com/msaad00/agent-bom/pull/1146
- fix(ui): align eslint with next peer range by @msaad00 in https://github.com/msaad00/agent-bom/pull/1147
- fix(scorecard): resolve source metadata before enrichment by @msaad00 in https://github.com/msaad00/agent-bom/pull/1148
- chore: prepare 0.75.12 release by @msaad00 in https://github.com/msaad00/agent-bom/pull/1149
- fix: close final 0.75.12 carry-forwards by @msaad00 in https://github.com/msaad00/agent-bom/pull/1150
- docs: polish release audit cosmetics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1151
- docs: sharpen CI/CD and enterprise adoption paths by @msaad00 in https://github.com/msaad00/agent-bom/pull/1152
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.75.12
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.