msaad00/agent-bom

Бесплатно

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from v

автор: msaad00

GitHub

Описание

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

README

Open security scanner for AI supply chain and infrastructure — agents, MCP servers, packages, containers, cloud (AWS, Azure, GCP, Snowflake, Databricks, CoreWeave, Nebius), GPU, and runtime.

Every CVE in your AI stack is a credential leak waiting to happen. agent-bom follows the chain end-to-end and tells you exactly which fix collapses it.

CVE-2025-1234  (CRITICAL · CVSS 9.8 · CISA KEV)
  |── [email protected]  (npm)
       |── sqlite-mcp  (MCP Server · unverified · root)
            |── Cursor IDE  (Agent · 4 servers · 12 tools)
            |── ANTHROPIC_KEY, DB_URL, AWS_SECRET  (Credentials exposed)
            |── query_db, read_file, write_file, run_shell  (Tools at risk)

 Fix: upgrade better-sqlite3 → 11.7.0

Blast radius is the core idea: CVE -> package -> MCP server -> agent -> credentials -> tools. CWE-aware impact keeps a DoS from being reported like credential compromise.

Try the demo

agent-bom agents --demo --offline

The demo uses a curated sample so the output stays reproducible across releases. Every CVE shown is a real OSV/GHSA match against a genuinely vulnerable package version — no fabricated findings (locked in by tests/test_demo_inventory_accuracy.py). For a real scan, run agent-bom agents, or add -p . to fold project manifests and lockfiles into the same result.

Want an inspectable sample before scanning your own repo? Run the bundled first-run AI stack:

agent-bom samples first-run
agent-bom agents --inventory agent-bom-first-run/inventory.json -p agent-bom-first-run --enrich

That sample includes agent inventory, MCP server definitions, placeholder credential environment variable names, Python/npm manifests, and a prompt file. See docs/FIRST_RUN.md for the guided path from CLI to dashboard.

Quick start

pip install agent-bom                  # CLI
# pipx install agent-bom               # isolated global install
# uvx agent-bom --help                 # ephemeral run

agent-bom agents                              # discover + scan local AI agents and MCP servers
agent-bom agents -p .                         # add project lockfiles + manifests
agent-bom samples first-run                   # write an inspectable sample AI stack
agent-bom check [email protected] --ecosystem pypi  # pre-install CVE gate
agent-bom image nginx:latest                  # container image scan
agent-bom iac Dockerfile k8s/ infra/main.tf   # IaC scan, optionally `--k8s-live`

Recommended pilot on one workstation:

curl -fsSL https://raw.githubusercontent.com/msaad00/agent-bom/main/deploy/docker-compose.pilot.yml -o docker-compose.pilot.yml
docker compose -f docker-compose.pilot.yml up -d
# Dashboard -> http://localhost:3000

Recommended full self-hosted path in your own AWS / EKS:

export AWS_REGION="<your-aws-region>"
scripts/deploy/install-eks-reference.sh \
  --cluster-name corp-ai \
  --region "$AWS_REGION" \
  --hostname agent-bom.internal.example.com \
  --enable-gateway

Advanced/manual path from a checked-out repo:

helm upgrade --install agent-bom deploy/helm/agent-bom \
  --namespace agent-bom --create-namespace \
  -f deploy/helm/agent-bom/examples/eks-production-values.yaml

After the first scan:

agent-bom agents -p . --remediate remediation.md                  # fix-first plan
agent-bom agents -p . --compliance-export fedramp -o evidence.zip # tamper-evident evidence bundle
pip install 'agent-bom[ui]' && agent-bom serve                    # API + bundled local UI

Product views — dashboard, remediation, and graph surfaces

Product views

These come from the live product path, using the built-in demo data pushed through the API. See docs/CAPTURE.md for the canonical capture protocol. They are captured from the packaged Next.js dashboard served by agent-bom serve, not from the Snowflake Streamlit compatibility path.

Dashboard — Risk overview

The landing page is the Risk overview: a letter-grade gauge, the four headline counters (actively exploited · credentials exposed · reachable tools · top attack-path risk), the security-posture grade with sub-scores (policy + controls, open evidence, packages + CVEs, reach + exposure, MCP configuration), and the score breakdown for each driver.

Dashboard — Attack paths and exposure

The second dashboard frame focuses on the fix-first path list and the coverage / backlog KPIs below it, so the attack-path drilldown stays readable without a tall stitched screenshot.

Fix-first remediation

Risk, reach, fix version, and framework context in one review table — operators act without jumping between pages.

Agent mesh

Agent-centered shared-infrastructure graph — selected agents, their shared MCP servers, tools, packages, and findings.

How a scan moves through the system — five stages, no source code or credentials leave your machine

Inside the engine: parsers, taint, call graph, blast-radius scoring.

External calls are limited to package metadata, version lookups, and CVE enrichment.

Enterprise self-hosted deployment

agent-bom runs inside your infrastructure: your VPC, your EKS cluster, your Postgres, your SSO, your KMS. No hosted control plane. No mandatory vendor backend. No mandatory telemetry.

The recommended motion is simple:

start with inventory using scans and fleet sync
prove findings, graph, and blast radius
add runtime later with proxy or gateway only where enforcement is worth it

That keeps the day-1 path easy while still giving you a full runtime story later.

Two diagrams explain the self-hosted shape without collapsing into one overloaded chart:

flowchart LR
    Scan["Scans + Fleet"] --> API["API + UI + Postgres"]
    API --> Graph["Findings + Graph + Audit"]
    API --> Gateway["Optional Gateway"]
    API --> Proxy["Optional Proxy"]

Deployment truth:

the browser UI drives workflows
the API owns auth, RBAC, tenant scope, graph, audit, and policy
workers do scans and ingest
fleet gives inventory without proxy
proxy and gateway are peer runtime surfaces, not a required serial chain

One product, two deployable images

agentbom/agent-bom = CLI, API, jobs, gateway, proxy, MCP server mode
agentbom/agent-bom-ui = browser control-plane UI

Use this split:

Goal	Recommended path	Default choice
Fastest pilot	deploy/docker-compose.pilot.yml	one machine, API + UI
Production self-hosted	scripts/deploy/install-eks-reference.sh	EKS + Postgres
Advanced/manual	Helm + your own values layering	only when you intentionally want to diverge

Runtime choices:

Need	Use
Inventory first	scans + fleet
Shared remote MCP traffic	`agent-bom gateway serve`
Workload-local inline enforcement	selected `agent-bom proxy` sidecars or local wrappers
Node-wide runtime coverage	optional monitor only if your platform team explicitly wants a DaemonSet

Current graph scale boundary:

the graph is strong for pilot and mid-market investigation flows, but larger tenants should stay windowed by snapshot, page, search, and blast-radius drilldown instead of expecting one giant browser canvas to stay smooth
operator sizing guidance and the shipped benchmark harness live in Performance, Sizing, and Benchmarks

Backend defaults:

Layer	Default	Add later only if needed
control plane	Postgres	Snowflake only when the published backend parity is the reason to choose it
analytics / archive	none required	ClickHouse, OTEL, S3

Start here by scenario

Need	Start here
fastest local pilot	Deployment Overview
self-host in vanilla AWS / EKS	Vanilla EKS Quickstart
self-host with mesh / ESO / cert-manager	Deploy In Your Own AWS / EKS Infrastructure
endpoint inventory and laptop rollout	Endpoint Fleet
proxy and gateway runtime operations	Runtime Operations
trust model, auth, tenant isolation	ENTERPRISE_SECURITY_PLAYBOOK.md
procurement security posture	ENTERPRISE_SECURITY_POSTURE.md
procurement evidence packet	ENTERPRISE_PROCUREMENT_PACKET.md
support, patch, and disclosure model	ENTERPRISE_SUPPORT_MODEL.md
SOC 2 / ISO / CIS control mapping	CONTROL_MAPPING.md

Advanced deployment notes

What becomes visible before proxy rollout

With scans and fleet sync alone, teams can already see:

which endpoints have MCP clients or collectors
which MCP servers are configured
transport: stdio, sse, or http
declared tools
command or URL
credential-backed environment variables
last seen and last synced state
package, image, IaC, and related finding context

Discovery confidence boundaries

configured MCP clients, transports, declared tools, command paths, URLs, auth mode, and credential-backed environment references are high-confidence inventory surfaces
source-code agent and tool extraction still mixes static parsing and heuristics, so indirect or runtime-only registrations can under-report today
inventory is a strong operator baseline now, not a claim that every dynamic framework registration path is fully captured already

What each surface owns

Surface	Owns	Does not own
UI	run-now actions, review, export, policy workflows	direct collection
API / control plane	auth, RBAC, tenant scope, orchestration, persistence, graph, audit, policy	inline MCP enforcement
Workers	scans, ingest, normalization, imports	browser sessions
Fleet	endpoint and collector inventory	runtime blocking
Proxy	local inline MCP inspection and audit relay	central policy storage
Gateway	shared remote MCP traffic and shared runtime policy evaluation	full control-plane persistence

Advanced references

full deployment overview: site-docs/deployment/overview.md
self-hosted AWS / EKS rollout: site-docs/deployment/own-infra-eks.md
endpoint inventory and fleet: site-docs/deployment/endpoint-fleet.md
proxy / gateway / fleet choice guide: site-docs/deployment/proxy-vs-gateway-vs-fleet.md
runtime operations: site-docs/deployment/runtime-operations.md
EKS production values: deploy/helm/agent-bom/examples/eks-production-values.yaml
focused pilot values: deploy/helm/agent-bom/examples/eks-mcp-pilot-values.yaml
regulated/zero-trust example: deploy/helm/agent-bom/examples/eks-istio-kyverno-values.yaml
Snowflake example: deploy/helm/agent-bom/examples/eks-snowflake-values.yaml

Trust & transparency

agent-bom is a read-only scanner. It never writes configs, never executes MCP servers, never stores credential values. No telemetry. No analytics. Releases are Sigstore-signed with SLSA provenance and self-published SBOMs.

When	What's sent	Where	Opt out
Default CVE lookups	Package names + versions	OSV API	`--offline`
Floating version resolution	Names + requested version	npm / PyPI / Go proxy	`--offline`
`--enrich`	CVE IDs	NVD, EPSS, CISA KEV	omit `--enrich`
`--deps-dev`	Package names + versions	deps.dev	omit `--deps-dev`
`verify`	Package + version	PyPI / npm integrity endpoints	don't run `verify`
Optional integrations	Finding summaries	Slack / Jira / Vanta / Drata	don't pass those flags

Full trust model: SECURITY_ARCHITECTURE.md · PERMISSIONS.md · SUPPLY_CHAIN.md · RELEASE_VERIFICATION.md · ENTERPRISE_SECURITY_POSTURE.md · CONTROL_MAPPING.md.

Compliance

Bundled mappings for FedRAMP, CMMC, NIST AI RMF, ISO 27001, SOC 2, OWASP LLM Top-10, MITRE ATLAS, and EU AI Act. Export tamper-evident evidence packets in one command.

agent-bom agents -p . --compliance-export fedramp -o fedramp-evidence.zip
agent-bom agents -p . --compliance-export nist-ai-rmf -o evidence.zip

The audit log itself is HMAC-chained and exportable as a signed JSON/JSONL bundle at GET /v1/audit/export.

Install & deploy

pip install agent-bom                        # CLI
docker run --rm agentbom/agent-bom agents    # Docker

For published containers, the packaging model is:

one product, two deployable images
agentbom/agent-bom = the main runtime image for CLI, API, jobs, gateway, proxy-related entrypoints, and MCP server mode
agentbom/agent-bom-ui = the browser dashboard image for the same self-hosted control plane

Mode	Best for
CLI (`agent-bom agents`)	local audit + project scan
Endpoint fleet (`--push-url …/v1/fleet/sync`)	employee laptops pushing into self-hosted fleet
GitHub Action (`uses: msaad00/[email protected]`)	CI/CD + SARIF
Docker (`agentbom/agent-bom`)	isolated scans, API jobs, and non-browser self-hosted entrypoints
Browser UI image (`agentbom/agent-bom-ui`)	the dashboard image paired with the same self-hosted control plane
Kubernetes / Helm (`helm install agent-bom deploy/helm/agent-bom`)	self-hosted API + dashboard, scheduled discovery
REST API (`agent-bom api`)	platform integration, self-hosted control plane
MCP server (`agent-bom mcp server`)	Claude Desktop, Claude Code, Cursor, Codex, Windsurf, Cortex
Runtime proxy (`agent-bom proxy`)	MCP traffic enforcement
Shield SDK (`from agent_bom.shield import Shield`)	in-process protection

Backend choices stay explicit and optional:

SQLite for local and single-node use
Postgres / Supabase for the primary transactional control plane
ClickHouse for analytics and event-scale persistence
Snowflake for warehouse-native governance and selected backend paths

Run locally, in CI, in Docker, in Kubernetes, as a self-hosted API + dashboard, or as an MCP server — no mandatory hosted control plane, no mandatory cloud vendor.

References: PRODUCT_BRIEF.md · PRODUCT_METRICS.md · ENTERPRISE.md · How agent-bom works.

CI/CD in 60 seconds

- uses: msaad00/[email protected]
  with:
    scan-type: scan
    severity-threshold: high
    upload-sarif: true
    enrich: true
    fail-on-kev: true

Container image gate, IaC gate, air-gapped CI, MCP scan, and the SARIF / SBOM examples are documented in site-docs/getting-started/quickstart.md.

MCP server

36 security tools available inside any MCP-compatible AI assistant:

{
  "mcpServers": {
    "agent-bom": {
      "command": "uvx",
      "args": ["agent-bom", "mcp", "server"]
    }
  }
}

Also on Glama, Smithery, MCP Registry, and OpenClaw.

Install extras + output formats

Extra	Command
Cloud providers	`pip install 'agent-bom[cloud]'`
MCP server	`pip install 'agent-bom[mcp-server]'`
REST API	`pip install 'agent-bom[api]'`
Dashboard	`pip install 'agent-bom[ui]'`
SAML SSO	`pip install 'agent-bom[saml]'`

JSON · SARIF · CycloneDX 1.6 (with ML BOM) · SPDX 3.0 · HTML · Graph JSON · Graph HTML · GraphML · Neo4j Cypher · JUnit XML · CSV · Markdown · Mermaid · SVG · Prometheus · Badge · Attack Flow · plain text. OCSF is used for runtime / SIEM event delivery, not as a general report format.

Contributing

git clone https://github.com/msaad00/agent-bom.git && cd agent-bom
pip install -e ".[dev-all]"
pytest && ruff check src/

CONTRIBUTING.md · docs/CLI_DEBUG_GUIDE.md · SECURITY.md · CODE_OF_CONDUCT.md

Apache 2.0 — LICENSE

from github.com/msaad00/agent-bom

Как установить

Добавь это в claude_desktop_config.json и перезапусти Claude Desktop.

{
  "mcpServers": {
    "msaad00-agent-bom": {
      "command": "npx",
      "args": []
    }
  }
}

msaad00/agent-bom

Бесплатно

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from v

автор: msaad00

GitHub

Описание

README

Open security scanner for AI supply chain and infrastructure — agents, MCP servers, packages, containers, cloud (AWS, Azure, GCP, Snowflake, Databricks, CoreWeave, Nebius), GPU, and runtime.

Every CVE in your AI stack is a credential leak waiting to happen. agent-bom follows the chain end-to-end and tells you exactly which fix collapses it.

CVE-2025-1234  (CRITICAL · CVSS 9.8 · CISA KEV)
  |── [email protected]  (npm)
       |── sqlite-mcp  (MCP Server · unverified · root)
            |── Cursor IDE  (Agent · 4 servers · 12 tools)
            |── ANTHROPIC_KEY, DB_URL, AWS_SECRET  (Credentials exposed)
            |── query_db, read_file, write_file, run_shell  (Tools at risk)

 Fix: upgrade better-sqlite3 → 11.7.0

Blast radius is the core idea: CVE -> package -> MCP server -> agent -> credentials -> tools. CWE-aware impact keeps a DoS from being reported like credential compromise.

Try the demo

agent-bom agents --demo --offline

Want an inspectable sample before scanning your own repo? Run the bundled first-run AI stack:

agent-bom samples first-run
agent-bom agents --inventory agent-bom-first-run/inventory.json -p agent-bom-first-run --enrich

Quick start

pip install agent-bom                  # CLI
# pipx install agent-bom               # isolated global install
# uvx agent-bom --help                 # ephemeral run

agent-bom agents                              # discover + scan local AI agents and MCP servers
agent-bom agents -p .                         # add project lockfiles + manifests
agent-bom samples first-run                   # write an inspectable sample AI stack
agent-bom check [email protected] --ecosystem pypi  # pre-install CVE gate
agent-bom image nginx:latest                  # container image scan
agent-bom iac Dockerfile k8s/ infra/main.tf   # IaC scan, optionally `--k8s-live`

Recommended pilot on one workstation:

curl -fsSL https://raw.githubusercontent.com/msaad00/agent-bom/main/deploy/docker-compose.pilot.yml -o docker-compose.pilot.yml
docker compose -f docker-compose.pilot.yml up -d
# Dashboard -> http://localhost:3000

Recommended full self-hosted path in your own AWS / EKS:

export AWS_REGION="<your-aws-region>"
scripts/deploy/install-eks-reference.sh \
  --cluster-name corp-ai \
  --region "$AWS_REGION" \
  --hostname agent-bom.internal.example.com \
  --enable-gateway

Advanced/manual path from a checked-out repo:

helm upgrade --install agent-bom deploy/helm/agent-bom \
  --namespace agent-bom --create-namespace \
  -f deploy/helm/agent-bom/examples/eks-production-values.yaml

After the first scan:

agent-bom agents -p . --remediate remediation.md                  # fix-first plan
agent-bom agents -p . --compliance-export fedramp -o evidence.zip # tamper-evident evidence bundle
pip install 'agent-bom[ui]' && agent-bom serve                    # API + bundled local UI

Product views — dashboard, remediation, and graph surfaces

Product views

Dashboard — Risk overview

Dashboard — Attack paths and exposure

The second dashboard frame focuses on the fix-first path list and the coverage / backlog KPIs below it, so the attack-path drilldown stays readable without a tall stitched screenshot.

Fix-first remediation

Risk, reach, fix version, and framework context in one review table — operators act without jumping between pages.

Agent mesh

Agent-centered shared-infrastructure graph — selected agents, their shared MCP servers, tools, packages, and findings.

How a scan moves through the system — five stages, no source code or credentials leave your machine

Inside the engine: parsers, taint, call graph, blast-radius scoring.

External calls are limited to package metadata, version lookups, and CVE enrichment.

Enterprise self-hosted deployment

agent-bom runs inside your infrastructure: your VPC, your EKS cluster, your Postgres, your SSO, your KMS. No hosted control plane. No mandatory vendor backend. No mandatory telemetry.

The recommended motion is simple:

start with inventory using scans and fleet sync
prove findings, graph, and blast radius
add runtime later with proxy or gateway only where enforcement is worth it

That keeps the day-1 path easy while still giving you a full runtime story later.

Two diagrams explain the self-hosted shape without collapsing into one overloaded chart:

flowchart LR
    Scan["Scans + Fleet"] --> API["API + UI + Postgres"]
    API --> Graph["Findings + Graph + Audit"]
    API --> Gateway["Optional Gateway"]
    API --> Proxy["Optional Proxy"]

Deployment truth:

the browser UI drives workflows
the API owns auth, RBAC, tenant scope, graph, audit, and policy
workers do scans and ingest
fleet gives inventory without proxy
proxy and gateway are peer runtime surfaces, not a required serial chain

One product, two deployable images

agentbom/agent-bom = CLI, API, jobs, gateway, proxy, MCP server mode
agentbom/agent-bom-ui = browser control-plane UI

Use this split:

Goal	Recommended path	Default choice
Fastest pilot	deploy/docker-compose.pilot.yml	one machine, API + UI
Production self-hosted	scripts/deploy/install-eks-reference.sh	EKS + Postgres
Advanced/manual	Helm + your own values layering	only when you intentionally want to diverge

Runtime choices:

Need	Use
Inventory first	scans + fleet
Shared remote MCP traffic	`agent-bom gateway serve`
Workload-local inline enforcement	selected `agent-bom proxy` sidecars or local wrappers
Node-wide runtime coverage	optional monitor only if your platform team explicitly wants a DaemonSet

Current graph scale boundary:

the graph is strong for pilot and mid-market investigation flows, but larger tenants should stay windowed by snapshot, page, search, and blast-radius drilldown instead of expecting one giant browser canvas to stay smooth
operator sizing guidance and the shipped benchmark harness live in Performance, Sizing, and Benchmarks

Backend defaults:

Layer	Default	Add later only if needed
control plane	Postgres	Snowflake only when the published backend parity is the reason to choose it
analytics / archive	none required	ClickHouse, OTEL, S3

Start here by scenario

Need	Start here
fastest local pilot	Deployment Overview
self-host in vanilla AWS / EKS	Vanilla EKS Quickstart
self-host with mesh / ESO / cert-manager	Deploy In Your Own AWS / EKS Infrastructure
endpoint inventory and laptop rollout	Endpoint Fleet
proxy and gateway runtime operations	Runtime Operations
trust model, auth, tenant isolation	ENTERPRISE_SECURITY_PLAYBOOK.md
procurement security posture	ENTERPRISE_SECURITY_POSTURE.md
procurement evidence packet	ENTERPRISE_PROCUREMENT_PACKET.md
support, patch, and disclosure model	ENTERPRISE_SUPPORT_MODEL.md
SOC 2 / ISO / CIS control mapping	CONTROL_MAPPING.md

Advanced deployment notes

What becomes visible before proxy rollout

With scans and fleet sync alone, teams can already see:

which endpoints have MCP clients or collectors
which MCP servers are configured
transport: stdio, sse, or http
declared tools
command or URL
credential-backed environment variables
last seen and last synced state
package, image, IaC, and related finding context

Discovery confidence boundaries

configured MCP clients, transports, declared tools, command paths, URLs, auth mode, and credential-backed environment references are high-confidence inventory surfaces
source-code agent and tool extraction still mixes static parsing and heuristics, so indirect or runtime-only registrations can under-report today
inventory is a strong operator baseline now, not a claim that every dynamic framework registration path is fully captured already

What each surface owns

Surface	Owns	Does not own
UI	run-now actions, review, export, policy workflows	direct collection
API / control plane	auth, RBAC, tenant scope, orchestration, persistence, graph, audit, policy	inline MCP enforcement
Workers	scans, ingest, normalization, imports	browser sessions
Fleet	endpoint and collector inventory	runtime blocking
Proxy	local inline MCP inspection and audit relay	central policy storage
Gateway	shared remote MCP traffic and shared runtime policy evaluation	full control-plane persistence

Advanced references

full deployment overview: site-docs/deployment/overview.md
self-hosted AWS / EKS rollout: site-docs/deployment/own-infra-eks.md
endpoint inventory and fleet: site-docs/deployment/endpoint-fleet.md
proxy / gateway / fleet choice guide: site-docs/deployment/proxy-vs-gateway-vs-fleet.md
runtime operations: site-docs/deployment/runtime-operations.md
EKS production values: deploy/helm/agent-bom/examples/eks-production-values.yaml
focused pilot values: deploy/helm/agent-bom/examples/eks-mcp-pilot-values.yaml
regulated/zero-trust example: deploy/helm/agent-bom/examples/eks-istio-kyverno-values.yaml
Snowflake example: deploy/helm/agent-bom/examples/eks-snowflake-values.yaml

Trust & transparency

When	What's sent	Where	Opt out
Default CVE lookups	Package names + versions	OSV API	`--offline`
Floating version resolution	Names + requested version	npm / PyPI / Go proxy	`--offline`
`--enrich`	CVE IDs	NVD, EPSS, CISA KEV	omit `--enrich`
`--deps-dev`	Package names + versions	deps.dev	omit `--deps-dev`
`verify`	Package + version	PyPI / npm integrity endpoints	don't run `verify`
Optional integrations	Finding summaries	Slack / Jira / Vanta / Drata	don't pass those flags

Full trust model: SECURITY_ARCHITECTURE.md · PERMISSIONS.md · SUPPLY_CHAIN.md · RELEASE_VERIFICATION.md · ENTERPRISE_SECURITY_POSTURE.md · CONTROL_MAPPING.md.

Compliance

Bundled mappings for FedRAMP, CMMC, NIST AI RMF, ISO 27001, SOC 2, OWASP LLM Top-10, MITRE ATLAS, and EU AI Act. Export tamper-evident evidence packets in one command.

agent-bom agents -p . --compliance-export fedramp -o fedramp-evidence.zip
agent-bom agents -p . --compliance-export nist-ai-rmf -o evidence.zip

The audit log itself is HMAC-chained and exportable as a signed JSON/JSONL bundle at GET /v1/audit/export.

Install & deploy

pip install agent-bom                        # CLI
docker run --rm agentbom/agent-bom agents    # Docker

For published containers, the packaging model is:

one product, two deployable images
agentbom/agent-bom = the main runtime image for CLI, API, jobs, gateway, proxy-related entrypoints, and MCP server mode
agentbom/agent-bom-ui = the browser dashboard image for the same self-hosted control plane

Mode	Best for
CLI (`agent-bom agents`)	local audit + project scan
Endpoint fleet (`--push-url …/v1/fleet/sync`)	employee laptops pushing into self-hosted fleet
GitHub Action (`uses: msaad00/[email protected]`)	CI/CD + SARIF
Docker (`agentbom/agent-bom`)	isolated scans, API jobs, and non-browser self-hosted entrypoints
Browser UI image (`agentbom/agent-bom-ui`)	the dashboard image paired with the same self-hosted control plane
Kubernetes / Helm (`helm install agent-bom deploy/helm/agent-bom`)	self-hosted API + dashboard, scheduled discovery
REST API (`agent-bom api`)	platform integration, self-hosted control plane
MCP server (`agent-bom mcp server`)	Claude Desktop, Claude Code, Cursor, Codex, Windsurf, Cortex
Runtime proxy (`agent-bom proxy`)	MCP traffic enforcement
Shield SDK (`from agent_bom.shield import Shield`)	in-process protection

Backend choices stay explicit and optional:

SQLite for local and single-node use
Postgres / Supabase for the primary transactional control plane
ClickHouse for analytics and event-scale persistence
Snowflake for warehouse-native governance and selected backend paths

Run locally, in CI, in Docker, in Kubernetes, as a self-hosted API + dashboard, or as an MCP server — no mandatory hosted control plane, no mandatory cloud vendor.

References: PRODUCT_BRIEF.md · PRODUCT_METRICS.md · ENTERPRISE.md · How agent-bom works.

CI/CD in 60 seconds

- uses: msaad00/[email protected]
  with:
    scan-type: scan
    severity-threshold: high
    upload-sarif: true
    enrich: true
    fail-on-kev: true

Container image gate, IaC gate, air-gapped CI, MCP scan, and the SARIF / SBOM examples are documented in site-docs/getting-started/quickstart.md.

MCP server

36 security tools available inside any MCP-compatible AI assistant:

{
  "mcpServers": {
    "agent-bom": {
      "command": "uvx",
      "args": ["agent-bom", "mcp", "server"]
    }
  }
}

Also on Glama, Smithery, MCP Registry, and OpenClaw.

Install extras + output formats

Extra	Command
Cloud providers	`pip install 'agent-bom[cloud]'`
MCP server	`pip install 'agent-bom[mcp-server]'`
REST API	`pip install 'agent-bom[api]'`
Dashboard	`pip install 'agent-bom[ui]'`
SAML SSO	`pip install 'agent-bom[saml]'`

Contributing

git clone https://github.com/msaad00/agent-bom.git && cd agent-bom
pip install -e ".[dev-all]"
pytest && ruff check src/

CONTRIBUTING.md · docs/CLI_DEBUG_GUIDE.md · SECURITY.md · CODE_OF_CONDUCT.md

Apache 2.0 — LICENSE

from github.com/msaad00/agent-bom

Как установить

Добавь это в claude_desktop_config.json и перезапусти Claude Desktop.

{
  "mcpServers": {
    "msaad00-agent-bom": {
      "command": "npx",
      "args": []
    }
  }
}

Command Palette

msaad00/agent-bom

Описание

README

Try the demo

Quick start

Product views

Dashboard — Risk overview

Dashboard — Attack paths and exposure

Fix-first remediation

Agent mesh

Enterprise self-hosted deployment

One product, two deployable images

Start here by scenario

What becomes visible before proxy rollout

Discovery confidence boundaries

What each surface owns

Advanced references

Trust & transparency

Compliance

Install & deploy

MCP server

Contributing

Как установить

Похожие MCP

Fetch

AWS KB Retrieval

Spring AI MCP Server

llm-analysis-assistant

msaad00/agent-bom

Описание

README

Try the demo

Quick start

Product views

Dashboard — Risk overview

Dashboard — Attack paths and exposure

Fix-first remediation

Agent mesh

Enterprise self-hosted deployment

One product, two deployable images

Start here by scenario

What becomes visible before proxy rollout

Discovery confidence boundaries

What each surface owns

Advanced references

Trust & transparency

Compliance

Install & deploy

MCP server

Contributing

Как установить

Похожие MCP

Fetch

AWS KB Retrieval

Spring AI MCP Server

llm-analysis-assistant