Skip to content

msaad00/agent-bom

v0.82.3 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-agents ai-security ai-supply-chain aibom blast-radius cloud-security
+14 more
compliance container-security cyclonedx security kubernetes llm-security mcp mcp-server owasp sarif sbom security-scanner supply-chain-security vulnerability-scanning

Affected surfaces

deps

Summary

AI summary

Surface graph‑walk reachability into BlastRadius scoring and UI.

Full changelog

What's Changed

  • chore(deps): upgrade pip 25.3 → 26.1 in runtime images (clears CVE-2026-1703) by @msaad00 in https://github.com/msaad00/agent-bom/pull/2027
  • typing: phase strict mypy onto four more API store modules (#1969) by @msaad00 in https://github.com/msaad00/agent-bom/pull/2028
  • fix(readme): repair self-hosted mermaid + drop redundant engine-internals image by @msaad00 in https://github.com/msaad00/agent-bom/pull/2029
  • chore(ui): enable noUncheckedIndexedAccess in tsconfig by @msaad00 in https://github.com/msaad00/agent-bom/pull/2030
  • typing: phase strict mypy onto four more API store modules (#1969) by @msaad00 in https://github.com/msaad00/agent-bom/pull/2031
  • docs(compliance): publish per-framework coverage table by @msaad00 in https://github.com/msaad00/agent-bom/pull/2032
  • chore(ui): enable exactOptionalPropertyTypes — closes #1967 by @msaad00 in https://github.com/msaad00/agent-bom/pull/2033
  • ops(ci): document + script merge-queue enablement to end stranded CI by @msaad00 in https://github.com/msaad00/agent-bom/pull/2034
  • feat(helm): KEDA-driven autoscaling on control-plane API + published SLO by @msaad00 in https://github.com/msaad00/agent-bom/pull/2035
  • ci: scheduled auto-retrigger workflow for stranded PRs by @msaad00 in https://github.com/msaad00/agent-bom/pull/2036
  • feat(metrics): scan_jobs_active gauge + KEDA queue-depth trigger by @msaad00 in https://github.com/msaad00/agent-bom/pull/2037
  • feat(perf): clustered Postgres scale evidence harness by @msaad00 in https://github.com/msaad00/agent-bom/pull/2038
  • docs(deploy): "do I need both images?" — clarify the API-only path by @msaad00 in https://github.com/msaad00/agent-bom/pull/2039
  • feat: surface graph-walk reachability into BlastRadius scoring + UI by @msaad00 in https://github.com/msaad00/agent-bom/pull/2040
  • chore(release): v0.82.3 — reachability-aware blast radius, KEDA scaling, Postgres bench by @msaad00 in https://github.com/msaad00/agent-bom/pull/2041

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.82.2...v0.82.3

Security Fixes

  • CVE-2026-1703 — upgrade pip from 25.3 to 26.1 in runtime images
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track msaad00/agent-bom

Get notified when new releases ship.

Sign up free

About msaad00/agent-bom

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

All releases →

Related context

Beta — feedback welcome: [email protected]