security_audit_sbom_continuous
Register an SBOM watch to continuously monitor for new CVEs against CycloneDX or SPDX dependencies. Check anytime for vulnerability updates using OSV.dev.
Instructions
Persistent SBOM watch. Register once, check anytime for new CVEs affecting your dependency snapshot. Silent permanent watch — CycloneDX and SPDX supported. Uses OSV.dev for vulnerability lookup, Redis for persistence with 90-day TTL. Supports CycloneDX 1.4/1.5 and SPDX 2.3 JSON. Input size limit: 500 KB. Returns go_no_go signal on register; new_findings on check. Rate limit: 10/minute. No auth required. For DevSecOps teams monitoring production dependency exposure. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_audit_sbom_continuous", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| sbom | Yes | CycloneDX or SPDX SBOM as JSON string. Required for register action. | |
| action | Yes | Action: register, check, or deregister the SBOM watch. Required. | |
| watch_id | Yes | Unique watch identifier for this SBOM watch. Required. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||