msaad00/agent-bom
by Various
AI supply-chain security scanner and self-hosted control plane for agents, MCP, SBOM/SARIF, graph findings, runtime enforcement, and compliance evidence.
MCP
msaad00/agent-bom
Added 1 June 2026
Overview
Agent-bom is a self-hosted security scanner and control plane for AI agent supply chains. It generates SBOM and SARIF reports, maps findings in a graph, enforces runtime policies, and collects compliance evidence for MCP-based agent systems.
Best for
Best for
Developers building or auditing MCP-based AI agents who need a self-hosted supply chain security and compliance tool.
Use cases
- Scan AI agent dependencies for known vulnerabilities
- Enforce runtime security policies on MCP agent interactions
- Generate compliance evidence for agent supply chain audits
How to use
Install
agent-bom mcp server Notes
Agent-bom is a self-hosted security scanner and control plane for AI agent supply chains. It generates SBOM and SARIF reports, maps findings in a graph, enforces runtime policies, and collects compliance evidence for MCP-based agent systems.
20 stars on GitHub. Last updated 2026-06-01. Licensed Apache-2.0.
Use cases
- Scan AI agent dependencies for known vulnerabilities
- Enforce runtime security policies on MCP agent interactions
- Generate compliance evidence for agent supply chain audits
Pros
- Self-hosted control plane gives full data ownership
- Combines SBOM, SARIF, and graph analysis in one tool
- Supports runtime enforcement, not just static scanning
Cons
- Small community with only 20 GitHub stars
- Limited documentation and real-world usage examples
- Requires Python environment and self-hosting setup
Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
Pros
- Self-hosted control plane gives full data ownership
- Combines SBOM, SARIF, and graph analysis in one tool
- Supports runtime enforcement, not just static scanning
Cons
- Small community with only 20 GitHub stars
- Limited documentation and real-world usage examples
- Requires Python environment and self-hosting setup
Pairs with
Other entries in the index that connect to this one. Click through to see the chain.
Get the free Developer’s Field Guide
A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.
Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.