Category: Security & Compliance | No API key required

agent-bom runtime

AI runtime security monitoring — context graph analysis, runtime audit log correlation with CVE findings, and vulnerability analytics queries. Use when the u...

Author: msaad00 | clawhub

agent-bom-runtime — AI Runtime Security Monitoring

Context graph analysis, runtime audit log correlation with CVE findings, and vulnerability analytics queries.

Install

pipx install agent-bom

Tools (3)

| Tool | Description |
|------|-------------|
| context_graph | Agent context graph with lateral movement analysis |
| analytics_query | Query vulnerability trends, posture history, and runtime events |
| runtime_correlate | Cross-reference runtime audit logs with CVE findings |

Example Workflows

# Build context graph from scan results
context_graph()

# Correlate runtime audit with CVE data
runtime_correlate(audit_file="proxy-audit.jsonl")

# Query analytics
analytics_query(query="top_cves", days=30)

Privacy & Data Handling

Operates on scan results already in memory and user-provided audit log files. No automatic file discovery. No network calls unless you configure an optional ClickHouse endpoint for persistent analytics.

Verification

  • Source: github.com/msaad00/agent-bom (Apache-2.0)
  • 7,100+ tests with CodeQL + OpenSSF Scorecard
  • No telemetry: Zero tracking, zero analytics