Skip to main content

Open security scanner and self-hosted control plane for AI, MCP, and cloud infrastructure.

Project description

agent-bom

Open security scanner and self-hosted control plane for AI, MCP, and cloud infrastructure.

Start with the demo, then choose the entrypoint that matches your first job: repo scan, image scan, cloud posture, fix plan, dashboard, MCP tools, or runtime review.

better-sqlite3@9.0.0  (npm package)
  |── OSV/GHSA finding  (critical · advisory-backed)
  |── sqlite-mcp  (MCP Server · unverified · root)
       |── Cursor IDE  (Agent · 4 servers · 12 tools)
       |── ANTHROPIC_KEY, DB_URL, AWS_SECRET  (Credential env names visible)
       |── query_db, read_file, write_file, run_shell  (Reachable tools)

 Fix: upgrade better-sqlite3 → 11.7.0

Blast radius is the core idea: package -> vulnerability finding -> MCP server (tools + credential env names) -> connected agents. This schematic explains the model; emitted findings are backed by the configured advisory sources.

Scan local agent configs, MCP servers, instruction files, lockfiles, containers, cloud estate, AI models/datasets, non-human identities, LLM cost, GPU surfaces, and runtime evidence.

Try the built-in demo first:

agent-bom agents --demo --offline

The demo uses a curated sample so the output stays reproducible across releases. For real scans, run agent-bom agents, or add -p . to fold project manifests and lockfiles into the same result.

If you want an inspectable sample before scanning your own repo:

agent-bom samples first-run
agent-bom agents --inventory agent-bom-first-run/inventory.json -p agent-bom-first-run --enrich

The bundled first-run stack includes agent inventory, MCP server definitions, placeholder credential environment variable names, Python/npm manifests, and a prompt file. See docs/FIRST_RUN.md in the repository for the guided flow.

See the terminal demo

agent-bom demo

Recommended starting points

pip install agent-bom

agent-bom quickstart --dry-run --offline          # Scan, sample-data, and API/UI next steps
agent-bom agents -p .                            # Repo + MCP + package blast radius
agent-bom samples first-run                      # Inspectable sample AI stack
agent-bom check flask@2.2.0 --ecosystem pypi     # Pre-install package verdict
agent-bom image nginx:latest                     # Container image scan
agent-bom agents -p . --remediate remediation.md # Fix-first remediation plan
pip install 'agent-bom[ui]'                      # once, if you want the dashboard
agent-bom serve                                  # API + dashboard + graph explorer

The base wheel is the scanner/CLI path. Install optional surfaces explicitly: pip install 'agent-bom[mcp-server]' for MCP server mode and pip install 'agent-bom[ui]' for the local API/dashboard process. Use pip install 'agent-bom[all]' for supported first-run extras; MLflow remains separate until its upstream CVE backlog is fixed. If an extra is missing, the command exits with the matching install hint.

Self-hosted pilot:

curl -fsSL https://raw.githubusercontent.com/msaad00/agent-bom/main/deploy/docker-compose.pilot.yml -o docker-compose.pilot.yml
docker compose -f docker-compose.pilot.yml up -d
# Dashboard -> http://localhost:3000

Production chart from a checked-out repo:

helm upgrade --install agent-bom deploy/helm/agent-bom \
  --namespace agent-bom --create-namespace \
  -f deploy/helm/agent-bom/examples/eks-production-values.yaml

Product views

Dashboard

agent-bom dashboard overview

Agent mesh graph

agent-bom agent mesh graph

What it scans

  • Agents + MCP — MCP clients, servers, tools, transports, trust posture
  • Skills + instructionsCLAUDE.md, AGENTS.md, .cursorrules, .windsurfrules, skills/*
  • Package risk — supply-chain scanning across 15 package ecosystems (including mix.lock / pubspec.lock for Hex and Pub) with OSV/GHSA enrichment and blast radius
  • AI models + datasets — malicious-model detection via safe pickle-opcode disassembly (no execution), model/dataset cards, and target-scoped PII/PHI dataset-file scanning
  • Container images + IaC — native OCI parsing plus Dockerfile, Terraform, CloudFormation, Helm, and Kubernetes coverage
  • Cloud estate — read-only, gated asset inventory across AWS/Azure/GCP plus AI/GPU posture and CIS benchmarks
  • Identity (NHI) — non-human identity discovery (Okta/Entra), credential-expiry posture, and access-review campaigns
  • LLM cost — spend forecasting, budget runway, chargeback/allocation, and seasonal-aware spend-anomaly detection
  • Secrets + runtime — MCP proxy/gateway, inline firewall enforcement, A2A/MCP auth posture, Shield SDK, secrets, and redaction surfaces
  • Compliance + evidence — mapped governance plus ZIP evidence bundles for auditors

Key features

  • Blast radius + attack-path fusion — multi-hop exposure paths over one unified ContextGraph, from package → finding → MCP server → credentials → connected agents
  • CWE-aware impact — RCE shows credential exposure, DoS does not; symbol-level CVE reachability joins CWE/CVE/CPE advisory context when OSV/GHSA carry affected symbols (Python, npm, Go)
  • Portable outputs — SARIF, CycloneDX, SPDX, OCSF, HTML, graph, JSON, ZIP evidence bundles, and more
  • MCP server mode — 69 MCP tools, 6 resources, and 6 workflow prompts exposed to MCP clients like Claude, Cursor, Windsurf, and Cortex CoCo / Cortex Code
  • Skill bundle identity — stable bundle hashes for skill and instruction file review
  • Dependency confusion detection — flags internal naming patterns
  • VEX generation — auto-triage with CWE/CVE/CPE-aware reachability (package + function-level when advisory symbols exist)

Read-only. Agentless. No secrets leave your machine unless you explicitly enable an outbound integration.

How the data moves

How agent-bom works

Blast radius

Blast radius

Links

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agent_bom-0.94.0.tar.gz (6.3 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agent_bom-0.94.0-py3-none-any.whl (5.5 MB view details)

Uploaded Python 3

File details

Details for the file agent_bom-0.94.0.tar.gz.

File metadata

  • Download URL: agent_bom-0.94.0.tar.gz
  • Upload date:
  • Size: 6.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for agent_bom-0.94.0.tar.gz
Algorithm Hash digest
SHA256 af59aa919c2c01d606ef13a9917512a4c8ee5aa8a616bff4bef5cfd6d0011ff2
MD5 d9971af89dde29df1978682c8e2a03de
BLAKE2b-256 bbdbc3c9b667412839d433d5b863c894f63c86dabb572da270b602cff0a15549

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_bom-0.94.0.tar.gz:

Publisher: release.yml on msaad00/agent-bom

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file agent_bom-0.94.0-py3-none-any.whl.

File metadata

  • Download URL: agent_bom-0.94.0-py3-none-any.whl
  • Upload date:
  • Size: 5.5 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for agent_bom-0.94.0-py3-none-any.whl
Algorithm Hash digest
SHA256 559f6e06dceb5658d6dadabd8fe6c1d79e546b11f96540fabe4868da007983d0
MD5 7f6d8930c24f9bac22360d5588f9cb11
BLAKE2b-256 2bb60473dd3443d17f830f77e1ba03cbdbac935d05ea7d7a3d1b26d14c80765d

See more details on using hashes here.

Provenance

The following attestation bundles were made for agent_bom-0.94.0-py3-none-any.whl:

Publisher: release.yml on msaad00/agent-bom

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page