Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust across MCP discovery, CVEs, SBOMs, CIS benchmarks...
Data source: ClawHub. View on ClawSkills.
Method 1: Install from the command line (recommended)

Recommended (no need to install clawhub first):

npx clawhub@latest --dir ~/.claude/skills install agent-bom

Or use the clawhub CLI (must be installed first):

clawhub --dir ~/.claude/skills install agent-bom

⚠️ Requires Node.js 18+. No Node? Use Method 2 below to download the ZIP directly.
Method 2: Manual download and install (no Node required)

Download the ZIP, extract it, place the folder at the path below, and restart your Agent:

Install path

~/.claude/skills/agent-bom/

💡 After extracting, place the folder at the path above and restart your Agent for it to take effect.
---
name: agent-bom
description: >-
  Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius,
  runtime, and trust across MCP discovery, CVEs, SBOMs, CIS benchmarks (AWS, Azure, GCP,
  Snowflake), OWASP/NIST/MITRE compliance, AISVS v1.0, MAESTRO layer tagging, and vector
  database security checks. Use when the user mentions vulnerability scanning, MCP server
  trust, compliance, SBOM generation, CIS benchmarks, blast radius, or AI supply chain risk.
version: 0.75.15
license: Apache-2.0
compatibility: >-
  Requires Python 3.11+. Install via pipx or pip. No credentials required for basic scanning.
  Native container image scanning — no external scanner required. CIS benchmark checks
  optionally use cloud SDK credentials (AWS/Azure/GCP/Snowflake).
metadata:
  author: msaad00
  homepage: https://github.com/msaad00/agent-bom
  source: https://github.com/msaad00/agent-bom
  pypi: https://pypi.org/project/agent-bom/
  scorecard: https://securityscorecards.dev/viewer/?uri=github.com/msaad00/agent-bom
  tests: 7239
  install:
    pipx: agent-bom
    pip: agent-bom
    docker: ghcr.io/msaad00/agent-bom:0.75.15
  openclaw:
    requires:
      bins: []
      env: []
    credentials: none
    credential_policy: >-
      Zero credentials required for CVE scanning, blast radius, compliance evaluation,
      SBOM generation, and MCP registry lookups. Optional env vars below increase rate
      limits or enable cloud CIS checks.
      Env var values in discovered config files are replaced with REDACTED by
      sanitize_env_vars() in the installed code — verify at
      https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/security.py#L159
    optional_env:
      - name: SNYK_TOKEN
        purpose: "Optional third-party vulnerability enrichment for code_scan (requires SNYK_TOKEN)"
        required: false
      - name: AWS_PROFILE
        purpose: "AWS CIS benchmark checks — uses boto3 with local AWS profile"
        required: false
      - name: AZURE_TENANT_ID
        purpose: "Azure CIS benchmark checks (azure-mgmt-* SDK)"
        required: false
      - name: AZURE_CLIENT_ID
        purpose: "Azure CIS benchmark checks — service principal client ID"
        required: false
      - name: AZURE_CLIENT_SECRET
        purpose: "Azure CIS benchmark checks — service principal secret"
        required: false
      - name: GOOGLE_APPLICATION_CREDENTIALS
        purpose: "GCP CIS benchmark checks (google-cloud-* SDK)"
        required: false
      - name: SNOWFLAKE_ACCOUNT
        purpose: "Snowflake CIS benchmark checks"
        required: false
      - name: SNOWFLAKE_USER
        purpose: "Snowflake CIS benchmark checks"
        required: false
      - name: SNOWFLAKE_PRIVATE_KEY_PATH
        purpose: "Snowflake key-pair auth (CI/CD)"
        required: false
      - name: SNOWFLAKE_AUTHENTICATOR
        purpose: "Snowflake auth method (default: externalbrowser SSO)"
        required: false
    optional_bins:
      - semgrep
      - kubectl
    emoji: "\U0001F6E1"
    homepage: https://github.com/msaad00/agent-bom
    source: https://github.com/msaad00/agent-bom
    license: Apache-2.0
    os:
      - darwin
      - linux
      - windows
    install_verification: >-
      VERIFY BEFORE running with any config files:
      (1) pip install agent-bom;
      (2) Review sanitize_env_vars() at security.py#L159 — confirms env value redaction;
      (3) Review discovery/__init__.py — confirms only structural config data extracted;
      (4) agent-bom verify agent-bom — Sigstore provenance check;
      (5) Only then run agent-bom agents
    credential_handling: >-
      Env var values are NEVER extracted from config files. sanitize_env_vars() replaces
      all env values with REDACTED BEFORE any config data is processed or stored.
      Only structural data (server names, commands, URLs) passes through.
      Source: https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/security.py#L159
    data_flow: >-
      Scanning is local-first. What leaves the machine:
      (1) public package names and CVE IDs sent to vulnerability databases (OSV, NVD, EPSS,
      GitHub Advisories) for CVE lookup;
      (2) CIS benchmark checks make read-only API calls to cloud providers
      (AWS/Azure/GCP/Snowflake) using your locally configured credentials, only when
      explicitly invoked.
      What stays local: all config file contents, env var values, credentials, scan results,
      compliance tags, and SBOM data. Registry lookups (427+ MCP servers) are bundled
      in-package with zero network calls. Env var values in discovered config files are
      replaced with REDACTED by sanitize_env_vars() in the installed code.
    file_reads:
      # Claude Desktop
      - "~/Library/Application Support/Claude/claude_desktop_config.json"
      - "~/.config/Claude/claude_desktop_config.json"
      # Claude Code
      - "~/.claude/settings.json"
      - "~/.claude.json"
      # Cursor
      - "~/.cursor/mcp.json"
      - "~/Library/Application Support/Cursor/User/globalStorage/cursor.mcp/mcp.json"
      # Windsurf
      - "~/.windsurf/mcp.json"
      # Cline
      - "~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json"
      # VS Code Copilot
      - "~/Library/Application Support/Code/User/mcp.json"
      # Codex CLI
      - "~/.codex/config.toml"
      # Gemini CLI
      - "~/.gemini/settings.json"
      # Goose
      - "~/.config/goose/config.yaml"
      # Continue
      - "~/.continue/config.json"
      # Zed
      - "~/.config/zed/settings.json"
      # Roo Code
      - "~/Library/Application Support/Code/User/globalStorage/rooveterinaryinc.roo-cline/settings/cline_mcp_settings.json"
      # Amazon Q
      - "~/Library/Application Support/Code/User/globalStorage/amazonwebservices.amazon-q-vscode/mcp.json"
      # JetBrains AI
      - "~/Library/Application Support/JetBrains/*/mcp.json"
      - "~/.config/github-copilot/intellij/mcp.json"
      # Junie
      - "~/.junie/mcp/mcp.json"
      # GitHub Copilot CLI
      - "~/.copilot/mcp-config.json"
      # Tabnine
      - "~/.tabnine/mcp_servers.json"
      # Cortex Code (Snowflake)
      - "~/.snowflake/cortex/mcp.json"
      - "~/.snowflake/cortex/settings.json"
      - "~/.snowflake/cortex/permissions.json"
      - "~/.snowflake/cortex/hooks.json"
      # Snowflake CLI
      - "~/.snowflake/connections.toml"
      - "~/.snowflake/config.toml"
      # Project-level configs
      - ".mcp.json"
      - ".vscode/mcp.json"
      - ".cursor/mcp.json"
      # User-provided files
      - "user-provided SBOM files (CycloneDX/SPDX JSON)"
      - "user-provided policy files (YAML/JSON policy-as-code)"
      - "user-provided audit log files (JSONL from agent-bom proxy)"
      - "user-provided SKILL.md files (for skill_trust analysis)"
    file_writes: []
    network_endpoints:
      - url: "https://api.osv.dev/v1"
        purpose: "OSV vulnerability database — batch CVE lookup for packages"
        auth: false
      - url: "https://services.nvd.nist.gov/rest/json/cves/2.0"
        purpose: "NVD secondary enrichment — adds CWE IDs, dates, references (no key required)"
        auth: false
      - url: "https://api.first.org/data/v1/epss"
        purpose: "EPSS exploit probability scores"
        auth: false
      - url: "https://api.github.com/advisories"
        purpose: "GitHub Security Advisories — supplemental CVE lookup"
        auth: false
      - url: "https://api.snyk.io"
        purpose: "Optional third-party vulnerability enrichment for code_scan (requires SNYK_TOKEN)"
        auth: true
      - url: "https://*.amazonaws.com"
        purpose: "AWS CIS benchmark checks — read-only API calls (optional, user-initiated)"
        auth: true
        optional: true
      - url: "https://management.azure.com"
        purpose: "Azure CIS benchmark checks — read-only API calls (optional, user-initiated)"
        auth: true
...
After installing agent-bom, you can say the following to your AI to trigger it:
Help me get started with agent-bom
Explains what agent-bom does, walks through the setup, and runs a quick demo based on your current project
Use agent-bom to open security scanner for agentic infrastructure — agents, MCP, pac...
Invokes agent-bom with the right parameters and returns the result directly in the conversation
What can I do with agent-bom in my developer & devops workflow?
Lists the top use cases for agent-bom, with example commands for each scenario
Place the skill folder in the ~/.claude/skills/agent-bom/ directory (user level, available to all projects) or in .claude/skills/agent-bom/ (project level). After restarting the AI client, invoke it explicitly with /agent-bom, or let the AI discover and use it automatically based on context.

agent-bom supports Claude, Cursor, and OpenClaw, integrating seamlessly with these AI platforms to extend their capabilities.

agent-bom is free to install and use. Consult the repository for license details.
agent-bom belongs to the "Developer & DevOps" category; skills in this category help AI agents carry out specialized tasks in that domain.
Automate my developer & devops tasks using agent-bom
Identifies repetitive steps in your workflow and sets up agent-bom to handle them automatically