This release adds 3 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+14 more
Summary
AI summaryMinor fixes and improvements.
Full changelog
What's Changed
- chore: scrub tool-credit phrasing from regression-test docstring by @msaad00 in https://github.com/msaad00/agent-bom/pull/2180
- feat(cli): startup banner, findings header label, severity-breakdown closer, OSV-first GHSA UX by @msaad00 in https://github.com/msaad00/agent-bom/pull/2181
- fix(version-utils): handle npm SemVer pre-release tags in version compare by @msaad00 in https://github.com/msaad00/agent-bom/pull/2182
- feat(cli): route scanner warnings through Rich during progress to stop spinner stacking by @msaad00 in https://github.com/msaad00/agent-bom/pull/2183
- feat(cli): verdict-led compact posture summary, full panel behind --verbose by @msaad00 in https://github.com/msaad00/agent-bom/pull/2184
- fix(cli): use Severity.value so the scan-complete severity closer renders content by @msaad00 in https://github.com/msaad00/agent-bom/pull/2185
- chore: prepare v0.84.6 release by @msaad00 in https://github.com/msaad00/agent-bom/pull/2186
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.84.5...v0.84.6
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.
Related context
Related tools
Beta — feedback welcome: [email protected]