Enterprise DNA
M MCP Servers Developer low

msaad00/agent-bom

by Various

AI supply-chain security scanner and self-hosted control plane for agents, MCP, SBOM/SARIF, graph findings, runtime enforcement, and compliance evidence.

M

MCP

msaad00/agent-bom

Added 1 June 2026

#ai-agents #ai-security #ai-supply-chain #aibom #blast-radius #cloud-security #compliance #container-security

Overview

Agent-bom is a self-hosted security scanner and control plane for AI agent supply chains. It generates SBOM and SARIF reports, maps findings in a graph, enforces runtime policies, and collects compliance evidence for MCP-based agent systems.

Best for

Best for
Developers building or auditing MCP-based AI agents who need a self-hosted supply chain security and compliance tool.

Use cases

  • Scan AI agent dependencies for known vulnerabilities
  • Enforce runtime security policies on MCP agent interactions
  • Generate compliance evidence for agent supply chain audits

How to use

Install

agent-bom mcp server

Notes

Agent-bom is a self-hosted security scanner and control plane for AI agent supply chains. It generates SBOM and SARIF reports, maps findings in a graph, enforces runtime policies, and collects compliance evidence for MCP-based agent systems.

20 stars on GitHub. Last updated 2026-06-01. Licensed Apache-2.0.

Use cases

  • Scan AI agent dependencies for known vulnerabilities
  • Enforce runtime security policies on MCP agent interactions
  • Generate compliance evidence for agent supply chain audits

Pros

  • Self-hosted control plane gives full data ownership
  • Combines SBOM, SARIF, and graph analysis in one tool
  • Supports runtime enforcement, not just static scanning

Cons

  • Small community with only 20 GitHub stars
  • Limited documentation and real-world usage examples
  • Requires Python environment and self-hosting setup

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.

Pros

  • Self-hosted control plane gives full data ownership
  • Combines SBOM, SARIF, and graph analysis in one tool
  • Supports runtime enforcement, not just static scanning

Cons

  • Small community with only 20 GitHub stars
  • Limited documentation and real-world usage examples
  • Requires Python environment and self-hosting setup

Pairs with

Other entries in the index that connect to this one. Click through to see the chain.

Free 27-page guide

Get the free Developer’s Field Guide

A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.

Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.

No spam. Unsubscribe any time.

Running a business, not writing the code? See the MCP servers picked for operators, and get your first one wired up with us.

Operator picks