Skip to main content
Glama

What Is agent-bom

agent-bom is a read-only scanner and self-hosted control plane for local projects, agent fleets, MCP runtimes, containers, and cloud estates. Scan in your environment, centralize evidence in your VPC, and govern selected runtime hops — one model (Finding + ContextGraph) for CLI, CI, API, dashboard, MCP tools, exports, and optional proxy/gateway enforcement.

Three lanes: scan → self-hosted control plane → runtime proxy/gateway. We are not a managed MCP connector catalog — we prove blast radius and enforce policy on your agents and upstream MCP servers.

Blast radius is the core idea: a vulnerable package is linked to the MCP server that loads it, the tools it exposes, reachable credential references, and the agents that can call it — not just a CVE row.

Coverage depth and honest boundaries: AI infrastructure scanning · product boundaries

Synthetic seeded evidence for docs proof, captured from the real Next.js routes with a visible Demo data — simulated estate label — not a claim these entities came from a buyer environment. Regenerate with npm run capture:product-proof (see docs/CAPTURE.md).

  • AppSec / GRC — SARIF, compliance packs, and audit-ready exports from the same scan that powers the dashboard.

  • Platform / SRE — fleet sync, Helm deploy, CI gates, and SBOM output without a separate scanner stack.

  • Agent builders — MCP inventory, Shield SDK, and optional runtime proxy or gateway enforcement on the same graph.

  • Security engineers — findings queue, attack-path drilldown, and blast-radius context in CLI, API, and UI.

Snowflake is a supported connector lane, not the product center. MCP server mode advertises 70 MCP tools, 6 resources, and 8 workflow prompts — registry metadata via the Smithery manifest and Glama listing.

package -> vulnerability finding -> MCP server -> tools + credential refs -> agent

agent-bom normalizes advisory and distro evidence into canonical CVE findings with match-confidence tiers:

distro_confirmed > osv_range > osv_ecosystem > unfixed_distro > nvd_cpe_candidate

Distro-confirmed findings are treated as confirmed. Optional NVD CPE candidate matching widens long-tail OS/vendor software coverage, but remains review-grade and off by default.

NVD key model. End users do not need an NVD API key. CVE/CPE enrichment ships through the distributed vulnerability database. NVD_API_KEY is only an optional self-hosted freshness knob for operators rebuilding or refreshing the database.

Matching mechanics and release evidence: vulnerability matching · scanner accuracy baseline

Machine-readable detail lives in docs/AGENT_CAPABILITY.md. Summary:

MCP security tools       70 tools · 6 resources · 8 workflow prompts
REST API                 295 ops · OpenAPI docs/openapi/v1.json
Runtime proxy / gateway  stdio policy · HTTP/SSE relay · KPI rollup
Full manifest            docs/AGENT_CAPABILITY.md

Related MCP server: agent-audit

Quickstart

pip install agent-bom
agent-bom scan -p .                       # scan this repo: rich console panel with posture grade

For a reproducible, offline demo (safe to screenshot or attach to a bug report):

agent-bom scan --demo --offline           # curated sample, no network, deterministic

Export when you need a file:

agent-bom db update                       # populate ~/.agent-bom vuln DB before --offline scans
agent-bom scan -p . -f html -o agent-bom-report.html

Run agent-bom db update before --offline image or package scans. Guided path: docs/FIRST_RUN.md

Start Here

Pick the entry point for your role — ingest lanes, auth boundaries, and surface detail in docs/PRODUCT_MAP.md.

Need

Surface

First action

Main artifact

Scan a repo, image, or local agent config

CLI / CI

agent-bom scan -p .

JSON, SARIF, SBOM, HTML

Ingest external scanner / SARIF evidence

CLI / CI

agent-bom scan --external-scan report.json

JSON, SARIF, blast radius

Connect cloud and data-estate evidence

Cloud connectors

agent-bom connect aws then agent-bom cloud scan

assets, CIS findings, graph edges

Review posture as a team

API + dashboard

pip install 'agent-bom[ui]' && agent-bom serve

findings, graph, audit, compliance

Give agents security tools

MCP server

agent-bom mcp server

strict MCP tool responses

Govern runtime tool calls

Proxy / gateway

configure proxy or gateway policy

allow/warn/block audit trail

Package evidence for audit

Reports / exports

agent-bom scan -p . -f html -o report.html

SARIF, CycloneDX, SPDX, OCSF, compliance bundle

Goal

Command

Multi-hop exposure paths

agent-bom graph

LLM cost forecast (FinOps)

agent-bom cost forecast — see docs/COST_MODEL.md

External scanner / SARIF ingest

agent-bom scan --external-scan <file> — see docs/INGEST_PATHS.md

Non-human identity posture

agent-bom identity credential-expiry

Advisory remediation plan

agent-bom remediate -p .

Gated-capability readiness

agent-bom capabilities

CI gate

uses: msaad00/agent-bom@v0.94.2

Full command map: docs/CLI_MAP.md · role routing: docs/START_HERE.md · repo layout: PROJECT_STRUCTURE.md

Cloud Connectors

Read-only, opt-in, and default-off. No secret values are read or stored. agent-bom connect <provider> prints the grant template and enable flag — no network I/O until you opt in.

Cloud

Enable

Scan

AWS

AGENT_BOM_AWS_INVENTORY=1

agent-bom cloud aws

Azure

AGENT_BOM_AZURE_INVENTORY=1

agent-bom cloud azure

GCP

AGENT_BOM_GCP_INVENTORY=1

agent-bom cloud gcp

Snowflake

SSO or key-pair auth

pip install 'agent-bom[snowflake]' then agent-bom scan --snowflake

Setup and grants: docs/CLOUD_CONNECT.md · full intake map: docs/DATA_SOURCES.md

Snowflake auth defaults to browser SSO (externalbrowser); use SNOWFLAKE_AUTHENTICATOR=snowflake_jwt with SNOWFLAKE_PRIVATE_KEY_PATH for CI. agent-bom authenticates through the Python connector — no snowsql session needed.

Deploy in Your Boundary

OSS CLI, self-hosted API/UI, gated hosted POC, or optional Snowflake-native lane — no managed public SaaS in this repo yet. One compose file starts a local control plane:

curl -fsSL https://raw.githubusercontent.com/msaad00/agent-bom/main/deploy/docker-compose.pilot.yml -o docker-compose.pilot.yml
docker compose -f docker-compose.pilot.yml up -d
# Dashboard -> http://localhost:3000

Pilot compose binds to 127.0.0.1 with loopback CORS only. Use docker-compose.platform.yml or docs/HOSTED_POC.md before sharing a link.

Target

Path

Any container platform

Deploy anywhere

Kubernetes

Helm chart

AWS EKS

Terraform module

AWS one-click

CloudFormation

Images

Docker Hub

Trust

  • Read-only discovery by default; no mandatory telemetry.

  • Credential values redacted; env names preserved for explainable exposure paths.

  • Exports: JSON, SARIF, CycloneDX, SPDX, OCSF, Markdown, HTML, compliance bundles.

  • Tenant scope, auth boundaries, and audit evidence on API/runtime paths.

Threat model · Pentest readiness · Release verification · MCP security model · Python client · Go client

Contributing

Contributions are welcome. Start with CONTRIBUTING.md, .agents/AGENTS.md, and the open issues.

License: Apache-2.0.

Install Server
A
license - permissive license
A
quality
A
maintenance

Maintenance

Maintainers
22hResponse time
1dRelease cycle
120Releases (12mo)
Commit activity
Issues opened vs closed

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/msaad00/agent-bom'

If you have feedback or need assistance with the MCP directory API, please join our Discord server