Security Policy¶
Reporting a Vulnerability¶
Do not open a public GitHub issue for security vulnerabilities.
Report via GitHub Security Advisories.
We aim to respond within 48 hours and provide a fix within 7 days for critical issues.
Supported Versions¶
| Version | Supported |
|---|---|
| Latest | Yes |
| < Latest | No — upgrade to the latest release |
Security Design¶
agent-bom has three distinct security postures:
- Scanner mode (`agent-bom agents`, `agent-bom fs`, `agent-bom check`) is read-only. It reads config files and queries public APIs (OSV.dev, NVD, EPSS, CISA KEV).
- MCP server mode (`agent-bom mcp server`) is read-mostly. Scanner, posture, graph, and audit tools are read-only; Shield write actions require the admin role, the `shield:write` scope, and an audit reason.
- Proxy mode (`agent-bom proxy`) is an execution and enforcement surface. It intentionally launches or connects to the target MCP server so it can inspect, block, and audit tool traffic in real time.
Across all modes, agent-bom never stores credential values: output carries only the credential's name, and the value is shown as ***REDACTED***.
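The two controls above, the three-condition gate on Shield write actions and name-preserving redaction of credential values, as an added Python illustration. This is not agent-bom's own code: the `Caller` model, the name and value heuristics, and the sample MCP client config are all assumptions made for the example.

```python
"""Added illustration, not agent-bom's own code: a gate for Shield write
actions (admin role + shield:write scope + audit reason) and redaction of
credential values in scanner output that keeps the variable name visible."""
from dataclasses import dataclass, field
import json
import re

REDACTED = "***REDACTED***"
# Hypothetical heuristics: credential-looking variable names and token-shaped values.
SECRET_NAME = re.compile(r"(key|token|secret|password|credential)", re.IGNORECASE)
SECRET_VALUE = re.compile(r"^(sk-|ghp_|xox[abp]-|AKIA)[A-Za-z0-9_\-]{8,}$")


@dataclass
class Caller:
    """Assumed caller identity: who they are, their role, and granted scopes."""
    principal: str
    role: str
    scopes: set = field(default_factory=set)


class WriteDenied(PermissionError):
    """Raised when a Shield write action fails any of the three checks."""


def authorize_shield_write(caller: Caller, action: str, reason: str) -> dict:
    """Allow a Shield write only with the admin role, the shield:write scope
    and a non-empty audit reason; return the audit record that would be logged."""
    if caller.role != "admin":
        raise WriteDenied(f"{caller.principal}: role {caller.role!r} is not admin")
    if "shield:write" not in caller.scopes:
        raise WriteDenied(f"{caller.principal}: missing scope shield:write")
    if not reason or not reason.strip():
        raise WriteDenied(f"{caller.principal}: audit reason is required")
    return {"actor": caller.principal, "action": action, "reason": reason.strip()}


def redact_value(name: str, value):
    """Replace a credential value; the name is kept so the finding stays actionable."""
    if not isinstance(value, str):
        return value
    if SECRET_NAME.search(name) or SECRET_VALUE.match(value):
        return REDACTED
    return value


def redact_mcp_config(config: dict) -> dict:
    """Return a copy of an MCP client config with server env values redacted."""
    out = json.loads(json.dumps(config))  # deep copy; the input is never mutated
    for server in out.get("mcpServers", {}).values():
        env = server.get("env", {})
        for name in list(env):
            env[name] = redact_value(name, env[name])
    return out


# Constructed sample input for the example, not a real configuration.
SAMPLE_CONFIG = {
    "mcpServers": {
        "github": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-github"],
            "env": {
                "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_exampleexampleexample",
                "HOME": "/home/dev",
            },
        },
        "llm": {
            "command": "llm-mcp",
            # Name gives nothing away; the value shape triggers redaction.
            "env": {"MODEL_CRED": "sk-examplevalue12345", "LOG_LEVEL": "info"},
        },
    }
}

if __name__ == "__main__":
    print(json.dumps(redact_mcp_config(SAMPLE_CONFIG), indent=2))
    admin = Caller("alice", "admin", {"shield:read", "shield:write"})
    print(authorize_shield_write(admin, "block_tool", "tool exfiltrates env"))
```

Redaction is decided per variable on both the name and the value so that a benignly named variable holding a token-shaped string is still masked, while the key stays in the output so an operator can tell which credential a finding refers to.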
For the product-wide local, endpoint, cloud, API/UI, and proxy data boundary, see Data Access Boundaries and Operator Control.
For incident response when LLM provider keys may have been exposed, use the LLM Key Exposure Drill.
For copied shell commands and assistant-generated installer prompts, use Assistant Command Safety.
Release trust and dependency controls¶
For dependency controls, extras audit coverage, parser fuzzing, and release trust posture, see: