diff --git a/registries/toolhive/servers/agent-bom/icon.svg b/registries/toolhive/servers/agent-bom/icon.svg
new file mode 100644
index 00000000..f8715322
--- /dev/null
+++ b/registries/toolhive/servers/agent-bom/icon.svg
@@ -0,0 +1,10 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json
new file mode 100644
index 00000000..b3a23ba8
--- /dev/null
+++ b/registries/toolhive/servers/agent-bom/server.json
@@ -0,0 +1,129 @@
+{
+ "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
+ "name": "io.github.msaad00/agent-bom",
+ "description": "Security scanner for AI infrastructure — CVEs, blast radius, credential exposure, runtime enforcement across MCP servers, containers, cloud, and GPU.",
+ "title": "agent-bom",
+ "icons": [
+ {
+ "mimeType": "image/svg+xml",
+ "sizes": [
+ "any"
+ ],
+ "src": "https://raw.githubusercontent.com/stacklok/toolhive-registry/main/registries/toolhive/servers/agent-bom/icon.svg"
+ }
+ ],
+ "repository": {
+ "url": "https://github.com/msaad00/agent-bom",
+ "source": "github"
+ },
+ "version": "1.0.0",
+ "packages": [
+ {
+ "registryType": "oci",
+ "identifier": "ghcr.io/msaad00/agent-bom:v0.70.5",
+ "transport": {
+ "type": "stdio"
+ },
+ "environmentVariables": []
+ }
+ ],
+ "_meta": {
+ "io.modelcontextprotocol.registry/publisher-provided": {
+ "io.github.stacklok": {
+ "ghcr.io/msaad00/agent-bom:v0.70.5": {
+ "overview": "## agent-bom
+
+Security scanner for AI infrastructure. Scans MCP servers, AI agents, containers, cloud environments, and GPU compute for CVEs, credential exposure, tool poisoning, and configuration drift.
+
+### Key capabilities
+
+- **31 MCP tools** for AI assistant integration (Claude, Cursor, Windsurf)
+- CVE scanning with blast radius analysis across transitive dependencies
+- Credential leak detection in MCP tool arguments and responses
+- CIS benchmark checks for AWS, Azure, GCP, Snowflake, Databricks
+- Policy-as-code engine with 17 declarative conditions
+- Compliance mapping across 11 frameworks (OWASP LLM/MCP/Agentic, MITRE ATLAS, NIST AI RMF, EU AI Act)
+- SBOM generation (CycloneDX, SPDX)
+- Runtime proxy for MCP traffic interception and enforcement",
+ "tier": "Community",
+ "status": "Active",
+ "tags": [
+ "security",
+ "vulnerability-scanning",
+ "sbom",
+ "supply-chain",
+ "cve",
+ "blast-radius",
+ "mcp",
+ "ai-agents",
+ "ai-infrastructure",
+ "compliance",
+ "cis-benchmarks",
+ "owasp",
+ "policy-as-code",
+ "gpu",
+ "runtime-enforcement"
+ ],
+ "tools": [
+ "scan",
+ "check",
+ "blast_radius",
+ "policy_check",
+ "registry_lookup",
+ "generate_sbom",
+ "compliance",
+ "remediate",
+ "skill_trust",
+ "verify",
+ "where",
+ "inventory",
+ "diff",
+ "marketplace_check",
+ "code_scan",
+ "context_graph",
+ "analytics_query",
+ "cis_benchmark",
+ "fleet_scan",
+ "runtime_correlate",
+ "vector_db_scan",
+ "aisvs_benchmark",
+ "gpu_infra_scan",
+ "dataset_card_scan",
+ "training_pipeline_scan",
+ "browser_extension_scan",
+ "model_provenance_scan",
+ "prompt_scan",
+ "model_file_scan",
+ "license_compliance_scan",
+ "ingest_external_scan"
+ ],
+ "permissions": {
+ "network": {
+ "outbound": {
+ "allow_host": [
+ "api.osv.dev",
+ "services.nvd.nist.gov",
+ "api.first.org",
+ "www.cisa.gov",
+ "registry.npmjs.org",
+ "pypi.org",
+ "crates.io",
+ "proxy.golang.org",
+ "search.maven.org"
+ ],
+ "allow_port": [
+ 443
+ ]
+ }
+ }
+ },
+ "custom_metadata": {
+ "author": "Wagdy Saad",
+ "homepage": "https://github.com/msaad00/agent-bom",
+ "license": "Apache-2.0"
+ }
+ }
+ }
+ }
+ }
+}
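Review bot: The `overview` value that begins at `"overview": "## agent-bom` appears to span fourteen physical lines of the file — that is the only way the `@@ -0,0 +1,129 @@` line count adds up — and an unescaped line break inside a JSON string is rejected by RFC 8259 parsers, so unless the registry tooling is known to read this with a lenient parser the value should be a single line with `\n` escapes, e.g. `"overview": "## agent-bom\n\nSecurity scanner for AI infrastructure. ...\n\n### Key capabilities\n\n- ..."`. Separately, the package `identifier` and the matching `_meta` key pin the image only by the mutable tag `v0.70.5`; for a scanner the registry will run with network egress, a digest reference (`ghcr.io/msaad00/agent-bom@sha256:<image-digest>`, if the 2025-12-11 schema accepts one) keeps the reviewed build from changing silently under the same tag. The top-level `"version": "1.0.0"` also disagrees with the `v0.70.5` image tag; if that is not deliberate, aligning them avoids misleading consumers that surface the server version. Finally, `allow_host` covers only vulnerability feeds and package registries, which is a sound least-privilege default, but the cloud and CIS checks the overview advertises would presumably need provider endpoints that this policy does not allow — worth a sentence in the overview so users know which capabilities work inside the registry's network policy.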