This release keeps dependencies and maintenance posture current for teams operating this tool.
✓ No known CVEs patched in this version
Topics
+14 more
Summary
AI summaryMinor fixes and improvements.
Full changelog
What's Changed
- Fix MCP registry publish diagnostics by @msaad00 in https://github.com/msaad00/agent-bom/pull/1097
- Fix MCP Registry PyPI publish marker by @msaad00 in https://github.com/msaad00/agent-bom/pull/1098
- Align 0.75.8 release surfaces and claims by @msaad00 in https://github.com/msaad00/agent-bom/pull/1099
- Harden final OpenSSF release surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/1100
- Add non-failing mode for package checks by @msaad00 in https://github.com/msaad00/agent-bom/pull/1101
- Harden project-scoped scan coverage by @msaad00 in https://github.com/msaad00/agent-bom/pull/1102
- Guard MCP and PyPI release metadata by @msaad00 in https://github.com/msaad00/agent-bom/pull/1103
- Harden npm version resolution continuity by @msaad00 in https://github.com/msaad00/agent-bom/pull/1104
- Align release-facing surfaces before republish by @msaad00 in https://github.com/msaad00/agent-bom/pull/1105
- chore: bump version to 0.75.9 by @msaad00 in https://github.com/msaad00/agent-bom/pull/1106
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.75.9
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
Related context
Related tools
Beta — feedback welcome: [email protected]