Skip to content

msaad00/agent-bom

v0.87.1 Feature

This release adds 5 notable features for engineering teams evaluating rollout.

Published 16d Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai-agents ai-security ai-supply-chain aibom blast-radius cloud-security
+14 more
compliance container-security cyclonedx security kubernetes llm-security mcp mcp-server owasp sarif sbom security-scanner supply-chain-security vulnerability-scanning

Summary

AI summary

Updates span runtime, API, intel, CI, and product documentation with new features and fixes.

Changes in this release

Security High

Secure remote skill intel feeds.

Secure remote skill intel feeds.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Security High

Harden GHSA NVD sync coverage in intel.

Harden GHSA NVD sync coverage in intel.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Feature Low

Add Langfuse OTLP span profile to runtime.

Add Langfuse OTLP span profile to runtime.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Feature Low

Publish OpenAPI artifacts via API.

Publish OpenAPI artifacts via API.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Feature Low

Add production index endpoint to runtime.

Add production index endpoint to runtime.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Feature Low

Add advisory lookup and package matching to intel.

Add advisory lookup and package matching to intel.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Feature Low

Emit Agent BOM manifest via inventory.

Emit Agent BOM manifest via inventory.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Feature Low

Add accountable authorization trace to runtime.

Add accountable authorization trace to runtime.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Feature Low

Add role profile blueprints to runtime.

Add role profile blueprints to runtime.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Medium

Derive CVE remediation guidance from reports.

Derive CVE remediation guidance from reports.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Low

Clarify optional runtime extras in CLI.

Clarify optional runtime extras in CLI.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Low

Quiet doctor MCP discovery output in CLI.

Quiet doctor MCP discovery output in CLI.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Low

Reduce docs PII false positives for secrets.

Reduce docs PII false positives for secrets.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Low

Expose static schema type aliases in graph.

Expose static schema type aliases in graph.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Low

Dispatch required checks for current PRs in CI.

Dispatch required checks for current PRs in CI.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Low

Harden scorecard dependency signals in CI.

Harden scorecard dependency signals in CI.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Bugfix Low

Restrict MCP registry sync source in CI.

Restrict MCP registry sync source in CI.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Other Low

Prepare version v0.87.1 release.

Prepare version v0.87.1 release.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high
Other Low

Adopt multi-agent operating contract and align public docs on standard format names.

Adopt multi-agent operating contract and align public docs on standard format names.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Low

Focus public front door in README.

Focus public front door in README.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Low

Align public proof surfaces in product docs.

Align public proof surfaces in product docs.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Low

Add AI governance control-plane diagram to product docs.

Add AI governance control-plane diagram to product docs.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Other Low

Align v0.87.1 public references in release docs.

Align v0.87.1 public references in release docs.

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low
Full changelog

What's Changed

  • feat(runtime): add Langfuse OTLP span profile by @msaad00 in https://github.com/msaad00/agent-bom/pull/2623
  • feat(api): publish OpenAPI artifacts by @msaad00 in https://github.com/msaad00/agent-bom/pull/2624
  • fix(reports): derive CVE remediation guidance by @msaad00 in https://github.com/msaad00/agent-bom/pull/2630
  • fix(cli): clarify optional runtime extras by @msaad00 in https://github.com/msaad00/agent-bom/pull/2632
  • fix(cli): quiet doctor MCP discovery output by @msaad00 in https://github.com/msaad00/agent-bom/pull/2633
  • fix(intel): secure remote skill intel feeds by @msaad00 in https://github.com/msaad00/agent-bom/pull/2641
  • fix(secrets): reduce docs PII false positives by @msaad00 in https://github.com/msaad00/agent-bom/pull/2642
  • docs(agents): adopt multi-agent operating contract; align public docs on standard format names by @msaad00 in https://github.com/msaad00/agent-bom/pull/2647
  • feat(runtime): add production index endpoint by @msaad00 in https://github.com/msaad00/agent-bom/pull/2649
  • fix(intel): harden GHSA NVD sync coverage by @msaad00 in https://github.com/msaad00/agent-bom/pull/2650
  • feat(intel): add advisory lookup and package matching by @msaad00 in https://github.com/msaad00/agent-bom/pull/2652
  • fix(graph): expose static schema type aliases by @msaad00 in https://github.com/msaad00/agent-bom/pull/2653
  • fix(ci): dispatch required checks for current PRs by @msaad00 in https://github.com/msaad00/agent-bom/pull/2662
  • feat(inventory): emit Agent BOM manifest by @msaad00 in https://github.com/msaad00/agent-bom/pull/2663
  • fix(ci): harden scorecard dependency signals by @msaad00 in https://github.com/msaad00/agent-bom/pull/2664
  • docs(readme): focus public front door by @msaad00 in https://github.com/msaad00/agent-bom/pull/2668
  • docs(product): align public proof surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/2669
  • docs(product): add AI governance control-plane diagram by @msaad00 in https://github.com/msaad00/agent-bom/pull/2680
  • release: prepare v0.87.1 by @msaad00 in https://github.com/msaad00/agent-bom/pull/2677
  • feat(runtime): add accountable authorization trace by @msaad00 in https://github.com/msaad00/agent-bom/pull/2678
  • feat(runtime): add role profile blueprints by @msaad00 in https://github.com/msaad00/agent-bom/pull/2679
  • docs(release): align v0.87.1 public references by @msaad00 in https://github.com/msaad00/agent-bom/pull/2681
  • fix(ci): restrict MCP registry sync source by @msaad00 in https://github.com/msaad00/agent-bom/pull/2682

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.87.0...v0.87.1

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track msaad00/agent-bom

Get notified when new releases ship.

Sign up free

About msaad00/agent-bom

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

All releases →

Related context

Beta — feedback welcome: [email protected]