https://github.com/msaad00/agent-bom

Open security scanner for AI supply chain and infrastructure: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis.

Topics: ai-agents ai-security ai-supply-chain aibom blast-radius cloud-security compliance container-security cyclonedx devsecops kubernetes llm-security mcp mcp-server owasp sarif sbom security-scanner supply-chain-security vulnerability-scanning
# agent-bom

Build · PyPI · Docker · License · OpenSSF Scorecard

Open security scanner and self-hosted control plane for AI/MCP infrastructure.

Headless agent primitives and human cockpit surfaces over the same evidence model.

Docs · First Run · Self-host · GitHub Action · Docker · Changelog

`agent-bom` scans local and fleet AI infrastructure, builds an AI BOM across
agents, MCP servers, tools, packages, credential environment names, cloud,
runtime, and skills, then turns that inventory into findings, compliance
evidence, and graph-backed exposure paths.

The same evidence is available through CLI/CI, REST API, MCP tools, and a
self-hosted dashboard. Runtime proxy/gateway controls are optional and scoped
to environments where enforcement is worth the operational cost.

Screenshot: agent-bom blast-radius drilldown (package to finding to MCP server to agent).

```text
package -> vulnerability finding -> MCP server -> tools + credential refs -> agent
```

Blast radius is the core idea. A vulnerable package is not just a CVE row; it
is linked to the MCP server that loads it, the tools exposed by that server,
the credential environment names in reach, and the agents that can call it.
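
The walk below is an added example, not agent-bom's own code or inventory format. It builds a small constructed AI BOM (server, agent, package and advisory names are all invented, and the advisory id is a placeholder), keeps credential environment names while redacting their values, and then follows the package -> finding -> MCP server -> tools + credential refs -> agent chain for one finding so that the resulting blast radius is explainable as path lines.

```python
"""Blast-radius walk over a small constructed AI BOM.

Added example, not agent-bom's own code. The inventory layout, field names,
and the advisory id are constructed assumptions used only to illustrate the
package -> finding -> MCP server -> tools + credential refs -> agent chain
that the README describes.
"""
from __future__ import annotations

from dataclasses import dataclass, field

REDACTED = "<redacted>"

# Constructed sample inventory: no real packages, servers, agents or advisories.
INVENTORY: dict = {
    "mcp_servers": {
        "filesystem-mcp": {
            "packages": [("pypi", "example-fs-lib", "1.2.0")],
            "tools": ["read_file", "write_file"],
            "env": {"HOME": "/home/agent"},
        },
        "github-mcp": {
            "packages": [
                ("pypi", "example-http-lib", "0.9.1"),
                ("pypi", "example-fs-lib", "1.2.0"),
            ],
            "tools": ["list_repos", "create_issue"],
            # Constructed secret-looking value; it must never reach the output.
            "env": {"GITHUB_TOKEN": "ghp_constructed_example_value"},
        },
    },
    "agents": {
        "release-bot": {"mcp_servers": ["github-mcp"]},
        "docs-assistant": {"mcp_servers": ["filesystem-mcp", "github-mcp"]},
        "isolated-agent": {"mcp_servers": ["filesystem-mcp"]},
    },
    # Placeholder advisory id; a real scan would carry OSV/GHSA ids here.
    "findings": [
        {
            "package": ("pypi", "example-http-lib", "0.9.1"),
            "id": "GHSA-xxxx-xxxx-xxxx",
            "severity": "HIGH",
        }
    ],
}


def credential_refs(env: dict[str, str]) -> dict[str, str]:
    """Keep environment variable names as evidence; replace every value."""
    return {name: REDACTED for name in env}


@dataclass
class BlastRadius:
    finding_id: str
    package: tuple[str, str, str]
    servers: list[str] = field(default_factory=list)
    tools: set[str] = field(default_factory=set)
    credential_refs: set[str] = field(default_factory=set)
    agents: set[str] = field(default_factory=set)


def blast_radius(inventory: dict, finding: dict) -> BlastRadius:
    """Walk package -> MCP server -> tools/credential refs -> agents for one finding."""
    pkg = tuple(finding["package"])
    radius = BlastRadius(finding_id=finding["id"], package=pkg)
    for server_name, server in sorted(inventory["mcp_servers"].items()):
        if pkg not in server["packages"]:
            continue  # this server does not load the vulnerable package
        radius.servers.append(server_name)
        radius.tools.update(server["tools"])
        radius.credential_refs.update(credential_refs(server["env"]))  # names only
        for agent_name, agent in inventory["agents"].items():
            if server_name in agent["mcp_servers"]:
                radius.agents.add(agent_name)
    return radius


def exposure_paths(inventory: dict, finding: dict) -> list[str]:
    """Render one explainable path line per (server, agent) pair."""
    pkg = tuple(finding["package"])
    lines = []
    for server_name, server in sorted(inventory["mcp_servers"].items()):
        if pkg not in server["packages"]:
            continue
        tools = ",".join(server["tools"])
        creds = ",".join(sorted(credential_refs(server["env"]))) or "-"
        for agent_name, agent in sorted(inventory["agents"].items()):
            if server_name in agent["mcp_servers"]:
                lines.append(
                    f"{pkg[1]}@{pkg[2]} -> {finding['id']} -> {server_name} "
                    f"-> tools[{tools}] creds[{creds}] -> {agent_name}"
                )
    return lines


if __name__ == "__main__":
    for finding in INVENTORY["findings"]:
        r = blast_radius(INVENTORY, finding)
        print(f"{finding['id']}: {len(r.agents)} agents, {len(r.tools)} tools reachable")
        for line in exposure_paths(INVENTORY, finding):
            print("  " + line)
```

In the constructed inventory the vulnerable package is loaded by `github-mcp` only, so `isolated-agent` (which reaches just `filesystem-mcp`) stays outside the radius even though that server shares another package with `github-mcp`; the path lines name the `GITHUB_TOKEN` reference without ever carrying its value.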

## First Run

```bash
pip install agent-bom
agent-bom agents --demo --offline
```

The demo uses real OSV/GHSA advisories against intentionally vulnerable sample
packages and produces graph-ready inventory without touching your source tree.
For a real local scan:

```bash
agent-bom agents -p . -f html -o agent-bom-report.html
```

Want an inspectable sample stack first?

```bash
agent-bom samples first-run
agent-bom agents --inventory agent-bom-first-run/inventory.json -p agent-bom-first-run --enrich
```

See [docs/FIRST_RUN.md](docs/FIRST_RUN.md) for the guided path from CLI output
to the dashboard.

Screenshot: agent-bom terminal demo.

## Product Proof

The dashboard screenshots below are captured from the packaged UI with bundled
demo data, not mockups. The README keeps the first screen focused; expand the
gallery when you want to inspect the control-plane surfaces.

Evidence cockpit and agent mesh:

- Risk overview dashboard with posture score, findings, and attack path summary
- Agent mesh graph showing agent, MCP server, package, tool, credential reference, and finding path

Graph investigation and remediation views:

- Security graph with attack-path queue, graph evidence export, and remediation handoff
- Lineage graph centered on an agent with bounded paths, filters, and graph evidence export
- Dependency map with scan pipeline counts and package risk distribution
- Remediation dashboard with prioritized package fixes and compliance context

Screenshot capture rules and the full manifest live in
[docs/CAPTURE.md](docs/CAPTURE.md) and
[docs/images/product-screenshots.json](docs/images/product-screenshots.json).

## Start Here

| Goal | Command | Artifact |
|---|---|---|
| Local agent and MCP inventory | `agent-bom agents` | findings, AI BOM, graph-ready JSON |
| Repo and lockfile scan | `agent-bom agents -p .` | package findings, SARIF/SBOM/HTML when requested |
| Pre-install guard | `agent-bom check flask@2.0.0 --ecosystem pypi` | deterministic allow/warn/block result |
| Container image scan | `agent-bom image nginx:latest` | image findings and remediation |
| IaC scan | `agent-bom iac Dockerfile k8s/ infra/main.tf` | IaC findings and policy context |
| CI gate | `uses: msaad00/agent-bom@v0.88.3` | SARIF, PR summary, optional code-scanning upload |
| MCP tools | `pip install 'agent-bom[mcp-server]' && agent-bom mcp server` | strict-args security tools for MCP clients |
| Local API/UI | `pip install 'agent-bom[ui]' && agent-bom serve` | API plus bundled dashboard |
| Self-hosted pilot | `docker compose -f docker-compose.pilot.yml up -d` | API and dashboard in your environment |

The base wheel is the scanner and CLI path. Optional runtime surfaces fail fast
with install hints when their extras are missing.

MCP registry publishing is tracked through the committed Smithery manifest and
other registry metadata; install and liveness checks stay in the linked
integration docs instead of this front door.

## Shipped Surfaces

| Surface | Primary user | Current boundary |
|---|---|---|
| CLI / CI | developers and release gates | local scans, SARIF/SBOM/HTML/JSON, deterministic exit codes |
| REST API | control-plane integrations | scans, bulk findings, dataset versions, graph evidence, audit, runtime summaries |
| MCP tools | agents and assistants | strict arguments, read-mostly security queries, exposure paths, deploy decisions, audited Shield actions |
| Dashboard | security teams and operators | inventory, findings, graph cockpit, compliance, evidence, runtime posture |
| Runtime proxy/gateway | runtime operators | scoped MCP traffic inspection, policy decisions, redacted audit evidence |
| Python client | services, notebooks, and automation | typed helper for stable REST endpoints in the packaged wheel |
| TypeScript client | services and agent runtimes | typed helper for stable REST endpoints |

MCP server mode advertises 55 MCP tools, 6 resources, and 6 workflow prompts.
Most tools are read-only. The three Shield write actions fail closed unless
the caller supplies `operator_role=admin`, `operator_scopes=shield:write`, and
an audit reason.
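
A fail-closed gate in the spirit of that rule, as an added example rather than agent-bom's own Shield code: it assumes only the three preconditions the README lists (`operator_role=admin`, `operator_scopes=shield:write`, an audit reason) plus the strict-argument behaviour the surface table mentions; the `action`/`target` fields, the `Decision` type and the function names are this example's own, and every branch except the final one denies.

```python
"""Fail-closed gate for an audited write action.

Added example, not agent-bom's own code. It assumes only the three
preconditions the README lists for Shield write actions (operator_role=admin,
operator_scopes=shield:write, an audit reason) plus the strict-argument rule
from the surface table; the function, field and decision names are this
example's own.
"""
from __future__ import annotations

from collections.abc import Iterable
from dataclasses import dataclass
from typing import Any

REQUIRED_ROLE = "admin"
REQUIRED_SCOPE = "shield:write"
# Strict arguments: anything outside this set is rejected, not ignored.
ALLOWED_ARGS = frozenset(
    {"action", "target", "operator_role", "operator_scopes", "audit_reason"}
)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    audit: dict[str, Any]  # the record to keep; denials are audited too


def parse_scopes(raw: Any) -> frozenset[str]:
    """Normalise scopes to a set; anything unparsable yields no scopes (deny)."""
    if raw is None:
        return frozenset()
    if isinstance(raw, str):
        return frozenset(s for s in raw.replace(",", " ").split() if s)
    if isinstance(raw, Iterable):
        return frozenset(str(s).strip() for s in raw if str(s).strip())
    return frozenset()


def gate_write_action(args: dict[str, Any]) -> Decision:
    """Every branch but the last denies; the audit record is built before deciding."""
    audit = {
        "action": args.get("action"),
        "target": args.get("target"),
        "operator_role": args.get("operator_role"),
        "operator_scopes": sorted(parse_scopes(args.get("operator_scopes"))),
        "audit_reason": args.get("audit_reason"),
    }
    unknown = set(args) - ALLOWED_ARGS
    if unknown:
        return Decision(False, f"unknown arguments rejected: {sorted(unknown)}", audit)
    if args.get("operator_role") != REQUIRED_ROLE:  # exact, case-sensitive match
        return Decision(False, "operator_role must be admin", audit)
    if REQUIRED_SCOPE not in parse_scopes(args.get("operator_scopes")):
        return Decision(False, "operator_scopes must include shield:write", audit)
    reason = args.get("audit_reason")
    if not isinstance(reason, str) or not reason.strip():
        return Decision(False, "a non-empty audit reason is required", audit)
    return Decision(True, "allowed", audit)


if __name__ == "__main__":
    # Constructed call: a quarantine request with all three preconditions met.
    d = gate_write_action(
        {
            "action": "quarantine",
            "target": "example-mcp",
            "operator_role": "admin",
            "operator_scopes": "shield:write",
            "audit_reason": "constructed incident reference",
        }
    )
    print(d.allowed, d.reason, d.audit)
```

The audit record is assembled from the normalised fields rather than the raw argument dict, so an attempted call that smuggles extra keys is recorded as a denial without copying unknown input into the log; missing, malformed or case-mismatched values all land in a deny branch rather than being coerced.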

CLI scan commands run local scan pipelines today. They share lower-level scanner
and discovery libraries with the API, but they are not API wrappers yet.

## Deploy In Your Boundary

`agent-bom` is designed for customer-controlled deployment: local CLI, Docker,
GitHub Action, Helm, EKS, Postgres, and optional runtime proxy/gateway.

```bash
curl -fsSL https://raw.githubusercontent.com/msaad00/agent-bom/main/deploy/docker-compose.pilot.yml -o docker-compose.pilot.yml
docker compose -f docker-compose.pilot.yml up -d
# Dashboard -> http://localhost:3000
```

Production self-hosting starts with the deployment chooser:

- [Deployment overview](site-docs/deployment/overview.md)
- [Helm chart](deploy/helm/agent-bom)
- [EKS reference installer](scripts/deploy/install-eks-reference.sh)
- [Docker Hub image](https://hub.docker.com/r/agentbom/agent-bom)

There is no managed cloud offering in this repository today. Product lane
boundaries are documented in [docs/PRODUCT_BOUNDARIES.md](docs/PRODUCT_BOUNDARIES.md).

## Trust Model

- Read-only discovery by default for cloud and local inventory.
- No mandatory telemetry.
- Credential values are redacted; credential environment names are preserved as
evidence so exposure paths stay explainable.
- Findings can export as JSON, SARIF, CycloneDX, SPDX, Markdown, HTML, and
compliance evidence bundles.
- API and runtime paths are designed for tenant scope, auth boundaries, and
audit evidence.
- OpenAPI artifacts are committed for SDK and client contract checks.

Security and release references:

- [Threat model](docs/THREAT_MODEL.md)
- [Pentest readiness](docs/PENTEST_READINESS.md)
- [Python API and control-plane client](docs/PYTHON_API.md)
- [Go control-plane client](sdks/go/README.md)
- [Product metrics](docs/PRODUCT_METRICS.md)
- [Release verification](docs/RELEASE_VERIFICATION.md)
- [GitHub Action](https://github.com/marketplace/actions/agent-bom)

## Product Views

The docs site carries the deployment-oriented walkthroughs behind those
screenshots:

- [Dashboard and graph capture protocol](docs/CAPTURE.md)
- [Documentation site](https://msaad00.github.io/agent-bom/)
- [Deployment overview](site-docs/deployment/overview.md)

## Contributing

Contributions are welcome. Start with:

- [CONTRIBUTING.md](CONTRIBUTING.md)
- [.agents/AGENTS.md](.agents/AGENTS.md)
- [Open issues](https://github.com/msaad00/agent-bom/issues)

License: Apache-2.0.