# agent-bom > Open security scanner for AI supply chain: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis. - **URL**: https://www.freshcrate.ai/projects/agent-bom - **Author**: msaad00 - **Category**: MCP Servers - **Latest version**: `v0.88.5` (2026-06-01) - **License**: Apache-2.0 - **Source**: https://github.com/msaad00/agent-bom - **Homepage**: https://pypi.org/project/agent-bom/ - **Language**: Python - **GitHub**: 13 stars, 6 forks - **Registry**: github (`msaad00/agent-bom`) - **Tags**: `ai-agents`, `ai-security`, `ai-supply-chain`, `aibom`, `blast-radius`, `cloud-security`, `compliance`, `container-security`, `mcp`, `python` ## Description Open security scanner for AI supply chain: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis. ## Recent releases | Version | Date | Urgency | Changes | | --- | --- | --- | --- | | `v0.88.5` | 2026-06-01 | High | ## What's Changed * fix(ci): retry pip-audit with pypi source by @msaad00 in https://github.com/msaad00/agent-bom/pull/2797 * chore(deps-dev): bump typescript-eslint from 8.59.4 to 8.60.0 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2795 * chore(deps): bump @tanstack/react-virtual from 3.13.25 to 3.13.26 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2796 * fix(gateway): expose empty policy posture by @msaad00 in https://github.com/msaad00/agen | | `v0.88.4` | 2026-05-26 | High | ## What's Changed * fix(compose): unblock first-run env rendering by @msaad00 in https://github.com/msaad00/agent-bom/pull/2777 * typing(models): type agent metadata mapping by @msaad00 in https://github.com/msaad00/agent-bom/pull/2778 * feat(auth): expose scope catalog by @msaad00 in https://github.com/msaad00/agent-bom/pull/2779 * fix(graph): explain empty exposure paths by @msaad00 in https://github.com/msaad00/agent-bom/pull/2780 * fix(audit): chain postgres rls bypass events by @msaad00 in | | `v0.88.1` | 2026-05-22 | High | ## What's Changed * chore(deps): bump @tanstack/react-virtual from 3.13.24 to 3.13.25 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2732 * chore(registry): refresh MCP catalog for release by @msaad00 in https://github.com/msaad00/agent-bom/pull/2733 * release: prepare v0.88.1 by @msaad00 in https://github.com/msaad00/agent-bom/pull/2734 **Full Changelog**: https://github.com/msaad00/agent-bom/compare/v0.88.0...v0.88.1 | | `v0.87.0` | 2026-05-18 | High | ## What's Changed * chore(deps): bump urllib3 from 2.6.3 to 2.7.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2511 * release: prepare v0.86.5 by @msaad00 in https://github.com/msaad00/agent-bom/pull/2512 * chore(deps): bump litellm from 1.83.7 to 1.83.10 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2513 * [codex] fix compliance data hotfixes by @msaad00 in https://github.com/msaad00/agent-bom/pull/2514 * fix: emit shell completion scripts and persist CLI | | `v0.86.5` | 2026-05-11 | High | ## What's Changed * chore(deps): bump urllib3 from 2.6.3 to 2.7.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2511 **Full Changelog**: https://github.com/msaad00/agent-bom/compare/v0.86.4...v0.86.5 | | `v0.86.2` | 2026-05-07 | High | ## What's Changed * test(snowflake): allow pinned action updates by @msaad00 in https://github.com/msaad00/agent-bom/pull/2309 * Runtime sandbox isolation defaults to opt-out by @msaad00 in https://github.com/msaad00/agent-bom/pull/2310 * Add gateway KEDA autoscaling support by @msaad00 in https://github.com/msaad00/agent-bom/pull/2311 * chore(ci): refresh Snowflake release action pins by @msaad00 in https://github.com/msaad00/agent-bom/pull/2314 * ci: pin uv setup tool version by @msaad00 in ht | | `v0.85.0` | 2026-05-02 | High | ## What's Changed * docs(diagrams): align engine-internals + compliance counts to current product state by @msaad00 in https://github.com/msaad00/agent-bom/pull/2187 * feat(firewall): inter-agent firewall foundation — schema, loader, evaluator, CLI by @msaad00 in https://github.com/msaad00/agent-bom/pull/2188 * feat(gateway): wire inter-agent firewall — evaluator, hot-reload, audit, healthz by @msaad00 in https://github.com/msaad00/agent-bom/pull/2189 * feat(proxy): inter-agent firewall fast-pat | | `v0.82.3` | 2026-04-28 | High | ## What's Changed * chore(deps): upgrade pip 25.3 → 26.1 in runtime images (clears CVE-2026-1703) by @msaad00 in https://github.com/msaad00/agent-bom/pull/2027 * typing: phase strict mypy onto four more API store modules (#1969) by @msaad00 in https://github.com/msaad00/agent-bom/pull/2028 * fix(readme): repair self-hosted mermaid + drop redundant engine-internals image by @msaad00 in https://github.com/msaad00/agent-bom/pull/2029 * chore(ui): enable noUncheckedIndexedAccess in tsconfig by @msaa | | `v0.81.1` | 2026-04-23 | High | ## What's Changed * [platform] align published runtime image surfaces by @msaad00 in https://github.com/msaad00/agent-bom/pull/1612 * [ci] normalize Dependabot UI lockfile updates by @msaad00 in https://github.com/msaad00/agent-bom/pull/1613 * chore(deps-dev): bump @tailwindcss/postcss from 4.2.2 to 4.2.3 in /ui by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/1610 * chore(deps-dev): bump typescript-eslint from 8.58.0 to 8.59.0 in /ui by @dependabot[bot] in https://github.com/msa | | `v0.81.0` | 2026-04-21 | High | ## What's Changed * [codex] add hosted product spec and split deployment diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/1601 * Add source registry and wire the Sources page by @msaad00 in https://github.com/msaad00/agent-bom/pull/1602 * Fix release coherence and tenant isolation by @msaad00 in https://github.com/msaad00/agent-bom/pull/1603 * [docs] simplify self-hosted deployment and runtime flow diagrams by @msaad00 in https://github.com/msaad00/agent-bom/pull/1604 * [platfor | ## Citation - HTML: https://www.freshcrate.ai/projects/agent-bom - Markdown: https://www.freshcrate.ai/projects/agent-bom.md - Dependencies JSON: https://www.freshcrate.ai/api/projects/agent-bom/deps _Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._