agent-bom
Active·★ 20·Apache-2.0·Updated 2026-05-29
★ Trending · ★ Security & Safety · ★ LLM Infra
Open security scanner for AI supply chain: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis.
agent-bom is an end-to-end open security scanner for the AI supply chain. It performs CVE discovery and blast-radius analysis, and provides remediation guidance. It supports multiple entry points, including agent scanning, container image scanning, IaC scanning, and a self-hosted enterprise deployment.
#ai-agents #ai-security #ai-supply-chain #aibom #blast-radius #cloud-security #compliance #container-security
01
Features
01 End-to-end blast radius analysis from CVE to credential exposure
02 Multi-entrypoint scanning: agents, images, IaC, packages, cloud
03 Compliance export (FedRAMP, SOC2, NIST AI RMF, etc.) with tamper-evident evidence bundles
04 Self-hosted enterprise deployment with Helm, Postgres, ClickHouse, and Snowflake backends
05 Runtime MCP proxy and gateway for traffic enforcement and audit
02
Compatibility
CLI · Command Line Interface · Verified via docs
Docker · Docker Container · Verified via docs
Kubernetes · Kubernetes Helm · Verified via docs
GitHub Actions · GitHub Action · Verified via docs
MCP Server · MCP Server · Verified via docs
03
Quick start
$ pip install agent-bom
04
Use cases
↳ CI/CD gating for AI supply chain security
↳ Security team audit of AI agents and MCP servers
↳ Self-hosted enterprise security scanning with fleet management
05
Alternatives
awesome-n8n-templates · ★ 22.6k
Supercharge your workflow automation with this curated collection of n8n templates! Instantly connect your favorite apps, like Gmail, Telegram, Google Drive, Slack, and more, with ready-to-use, AI-powered automations. Save time, boost productivity, and unlock the true potential of n8n in just a few clicks.
FastMCP · ★ 25.4k
The fast, Pythonic way to build MCP servers and clients. Designed by the Pydantic team for type safety and speed.
agents-best-practices · ★ 1.1k
Provider-neutral Agent Skill for Codex, Claude Code, and agentic harness design.
stackql · ★ 843
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL-based framework.
awesome-claude · ★ 250
HeyClaude is a curated registry and distribution surface for Claude and AI-workflow assets: agents, MCP servers, skills, commands, hooks, rules, guides, tools, jobs, Raycast feeds, static data exports, and an npm MCP package.
Comments
- Corey Johnson · May 7, 2026
Security scanner for AI supply chain — agents, MCP, containers, cloud, GPU all covered.
- Morgan Anderson · Apr 2, 2026
Bill of materials approach to AI security is the right model for auditability.
- Kai Johnson · Mar 28, 2026
Good for security teams who need to understand the AI tooling attack surface.
- Corey Kim · Mar 6, 2026
Open-source means the scanning logic is transparent and auditable.