This release adds 1 notable feature for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+14 more
Summary
AI summaryMinor fixes and improvements.
Full changelog
What's Changed
- fix: Codex audit v3 — no-scan network, offline messaging, skills sync by @msaad00 in https://github.com/msaad00/agent-bom/pull/1045
- fix: --no-scan skips all DB messaging + offline clean one-liner by @msaad00 in https://github.com/msaad00/agent-bom/pull/1046
- feat: wire NIST 800-53 + FedRAMP + PCI DSS into compliance API (closes #934, #935, #936) by @msaad00 in https://github.com/msaad00/agent-bom/pull/1047
- fix: final Codex polish — no-scan DB noise + count drift by @msaad00 in https://github.com/msaad00/agent-bom/pull/1048
- chore: bump version to 0.75.3 by @msaad00 in https://github.com/msaad00/agent-bom/pull/1049
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.75.3
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
Related context
Related tools
Beta — feedback welcome: [email protected]