Skip to content

feat: add agent-bom MCP server (v0.68.2 — 30 tools)#784

Open
msaad00 wants to merge 11 commits intostacklok:mainfrom
msaad00:feat/add-agent-bom
Open

feat: add agent-bom MCP server (v0.68.2 — 30 tools)#784
msaad00 wants to merge 11 commits intostacklok:mainfrom
msaad00:feat/add-agent-bom

Conversation

@msaad00
Copy link

@msaad00 msaad00 commented Feb 23, 2026
edited
Loading

agent-bom — Security scanner for AI infrastructure

Adds agent-bom to the ToolHive catalog.

30 MCP tools covering: CVE scanning, blast radius analysis, credential exposure detection, CIS benchmarks, policy enforcement, SBOM generation, compliance across 11 frameworks (OWASP LLM/MCP/Agentic, MITRE ATLAS, NIST AI RMF, EU AI Act, and more).

Server details

Field Value
Image ghcr.io/msaad00/agent-bom:v0.68.1
Transport stdio
License Apache-2.0
Tools 30

Optional environment variables

Variable Description
NVD_API_KEY NVD API key for higher rate limits on CVSS enrichment
SNYK_TOKEN Snyk API token for vulnerability enrichment

@rdimitrov rdimitrov force-pushed the feat/add-agent-bom branch from 80cb5b9 to 0074c4c Compare March 5, 2026 14:03
Wegz and others added 3 commits March 5, 2026 13:30
@msaad00
feat: add agent-bom MCP server
997564c 
AI supply chain security scanner for MCP servers and AI agents.
Provides CVE scanning, blast radius analysis, policy enforcement,
SBOM generation (CycloneDX/SPDX/SARIF), and remediation planning.

Signed-off-by: Mohamed Saad <msaad00@users.noreply.github.com>
Signed-off-by: Wegz <mohamedsaad@Wegzs-MacBook-Pro.local>
@msaad00
feat: update agent-bom to v0.31.1 with GHCR image
1cf708b 
- Update image from docker.io/agentbom/agent-bom:0.28.1 to
  ghcr.io/msaad00/agent-bom:v0.31.1
- Fix namespace from io.github.stacklok to io.github.msaad00
- Update version from 1.0.0 to 0.31.1
- Add check tool and npm/PyPI to allowed network hosts
@msaad00
feat: update agent-bom to v0.54.0 — 18 MCP tools, CIS benchmarks, 10 …
98d0d4a 
…compliance frameworks

Major update from v0.31.1 (8 tools) to v0.54.0 (18 tools):

New tools: verify, where, inventory, diff, skill_trust,
marketplace_check, code_scan, context_graph, analytics_query,
cis_benchmark

New capabilities:
- CIS benchmarks (AWS Foundations v3.0, Snowflake v1.0)
- 20 MCP client auto-discovery
- 13 cloud provider scanning
- 10 compliance frameworks (OWASP LLM, MITRE ATLAS, NIST, EU AI Act, ...)
- Policy-as-code with 18 conditions
- Transitive dependency resolution (npm, PyPI, Go, Cargo, Maven)
@msaad00 msaad00 force-pushed the feat/add-agent-bom branch from 0074c4c to 98d0d4a Compare March 5, 2026 18:40
@msaad00 msaad00 changed the title feat: add agent-bom MCP server feat: add agent-bom MCP server (v0.54.0 — 18 tools) Mar 5, 2026
msaad00 and others added 2 commits March 5, 2026 14:00
@msaad00
chore: bump agent-bom to v0.55.0 (Streamlit dashboard, self-scan)
cb5aaac
@agent-bom
feat: update agent-bom to v0.68.1 — 30 MCP tools
adb2e38 
- Version: 0.55.0 → 0.68.1
- Tools: 18 → 30 (added fleet_scan, runtime_correlate, vector_db_scan,
  aisvs_benchmark, gpu_infra_scan, dataset_card_scan, training_pipeline_scan,
  browser_extension_scan, model_provenance_scan, prompt_scan, model_file_scan,
  license_compliance_scan)
- Description: updated to canonical tagline
- Tags: added ai-infrastructure, gpu, runtime-enforcement
- Env vars: added optional SNYK_TOKEN
- Author: corrected to Wagdy Saad

Signed-off-by: Wagdy Saad <andwgdysaad@gmail.com>
@msaad00 msaad00 changed the title feat: add agent-bom MCP server (v0.54.0 — 18 tools) feat: add agent-bom MCP server (v0.68.1 — 30 tools) Mar 10, 2026
@agent-bom
fix: remove unnecessary SNYK_TOKEN env var from listing
2f44731 
Signed-off-by: Wagdy Saad <andwgdysaad@gmail.com>
@agent-bom
fix: add required icons, overview, and correct version format
f6ba5f8 
- Add icon.svg (shield logo) to server directory
- Add icons array to server.json pointing to raw GitHub URL
- Add overview markdown in _meta (capabilities summary)
- Change version from "0.68.1" to "1.0.0" (catalog entry version, not software version)
- Remove SNYK_TOKEN (unnecessary env var)

Signed-off-by: Wagdy Saad <andwgdysaad@gmail.com>
@agent-bom
chore: bump image tag to v0.68.2
033def0 
Signed-off-by: Wagdy Saad <andwgdysaad@gmail.com>
@msaad00 msaad00 changed the title feat: add agent-bom MCP server (v0.68.1 — 30 tools) feat: add agent-bom MCP server (v0.68.2 — 30 tools) Mar 10, 2026
@rdimitrov
Copy link
Member

rdimitrov commented Mar 12, 2026

Hi @msaad00, thanks for your patience on this, it took us a bit longer to get through the review 🍻

Here are the main findings:

  1. The image tag is a bit stale, but that's not a problem that much since our renovate automation would pick it up
  2. SNYK_TOKEN mentioned in the PR description but missing from server.json so we should either add it as an env var (with isSecret: true) or remove it from the description 👍
  3. No build provenance/attestation - the Docker publish workflow doesn't include actions/attest-build-provenance, which is something we look for in the registry. Adding that would also let you populate a provenance block in _meta. Let us know if you need help about how to setup this, happy to forward you examples of how to sign and pubilsh the signature using cosign
  4. _meta publisher namespace - this one is real issue as the entry uses io.github.msaad00 rather than io.github.stacklok

One broader note: the project is very new (~3 weeks) with an extremely high release cadence (~70 versions). That's not a blocker, but it does mean we'd be updating the catalog entry frequently. Something to keep in mind as we think about stability for users.

Let us know if you have questions and thanks for reaching out! 🙏

@msaad00 msaad00 mentioned this pull request Mar 12, 2026
Merged
andres-linero pushed a commit to msaad00/agent-bom that referenced this pull request Mar 12, 2026
@msaad00
fix: address toolhive-catalog PR #784 review feedback (#688)
e1bebc2 
## Summary
Addresses all 4 review points from rdimitrov on
stacklok/toolhive-catalog#784.

- **_meta publisher namespace**: `io.github.msaad00` →
`io.github.stacklok` (confirmed correct format against Stripe, AWS API,
Slack entries in the catalog)
- **SNYK_TOKEN**: already absent from `server.json` — only `NVD_API_KEY`
is present. Will update PR description in toolhive-catalog to remove the
stale SNYK mention.
- **Build provenance/attestation**: added
`actions/attest-build-provenance@a2bbfa25...` to `publish-mcp.yml`
`publish-stdio` job — GHCR image gets SLSA attestation on every release
going forward
- **Tool count**: added `ingest_external_scan` as the 31st tool in
`_meta.tools` (was missing from the list)
- **Image tag**: v0.70.5 (current); renovate automation handles future
bumps as reviewer noted

## What was NOT changed
- `actions/attest-build-provenance` was already present in `release.yml`
for PyPI packages — this PR extends it to cover the GHCR Docker image as
well
@msaad00
Copy link
Author

msaad00 commented Mar 12, 2026

Hi @rdimitrov, thanks for the thorough review! All 4 points addressed:

  1. Image tag — noted, leaving to renovate as you suggested.
  2. SNYK_TOKENserver.json never had it (only NVD_API_KEY); it was a stale line in the PR description. Removed from the description now.
  3. Build provenance/attestation — added actions/attest-build-provenance to the publish-mcp.yml workflow that pushes the GHCR image. The PyPI build already had SLSA provenance via the same action; the container is now covered too. (msaad00/agent-bom#688)
  4. _meta publisher namespace — fixed: io.github.msaad00io.github.stacklok. Also updated image tag to v0.70.5 and tool count to 31 while here.

Re the release cadence note — understood. The high version count is from the initial burst of feature work; it's stabilizing. For catalog maintenance, renovate will handle image tag bumps automatically.

@msaad00
Copy link
Author

msaad00 commented Mar 12, 2026

Update on point 2 (SNYK_TOKEN / env vars):

After further review, we've removed NVD_API_KEY from server.json entirely. Our primary CVE source is OSV (no rate limits, no credentials needed), and NVD enrichment works without a key — just rate limited. Asking users to register for their own NVD API key is unnecessary friction; Grype and Trivy don't require it either. The server.json now has no required or optional environment variables.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@msaad00 @rdimitrov @agent-bom