msaad00/agent-bom

Vulnerability Scanning

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

Python · Latest v0.88.5 · 2d ago

Features

  • Scans local and fleet AI infrastructure to build an inventory (BOM)
  • Generates vulnerability findings, compliance evidence, and attack‑path graphs
  • Provides CLI, REST API, self‑hosted dashboard, and optional runtime proxy controls

Recent releases

View all 106 releases →
  • v0.88.5 · New feature · Review required · Auth RBAC Breaking upgrade · UI, onboarding, gateway, findings, observability, graph, hardening, deps, runtime
  • v0.88.4 · Mixed · Review required · Auth Breaking upgrade · Scope catalog + registry + TS SDK
  • v0.88.3 · New feature · Review required · Auth Dependencies · mcp, intel, sdk, api, connectors
  • v0.87.1 · New feature · No immediate action · runtime, api, intel, ci, product
  • v0.87.0 · Breaking risk · Upgrade now · Dependencies · Cryptography core dependency

About

  • Stars: 20
  • Forks: 8
  • Languages: Python, TypeScript, Shell

Install & Platforms

Install via: pip
