| description | AI compliance and policy engine — evaluate scan results against OWASP, NIST, SOC 2, ISO 27001, CMMC, EU AI Act, AISVS v1.0, and related frameworks. Generate SBOMs and compliance reports. Use when: "compliance report", "NIST", "SOC 2", "ISO 27001", "OWASP", "EU AI Act", "AISVS", "generate SBOM", "policy check". |
| metadata | {"author":"msaad00","homepage":"https://github.com/msaad00/agent-bom","source":"https://github.com/msaad00/agent-bom","pypi":"https://pypi.org/project/agent-bom/","scorecard":"https://securityscorecards.dev/viewer/?uri=github.com/msaad00/agent-bom","tests":6533,"install":{"pipx":"agent-bom","pip":"agent-bom","docker":"ghcr.io/msaad00/agent-bom:0.75.10"},"openclaw":{"requires":{"bins":[],"env":[],"credentials":"none"},"credential_policy":"Zero credentials required for OWASP/NIST/EU AI Act compliance and SBOM generation. CIS benchmark checks (AWS, Azure, GCP, Snowflake) optionally accept cloud credentials — only used locally to call cloud APIs, never transmitted elsewhere.","optional_env":[{"name":"AWS_PROFILE","purpose":"AWS CIS benchmark checks — uses boto3 with your local AWS profile","required":false},{"name":"AZURE_TENANT_ID","purpose":"Azure CIS benchmark checks (azure-mgmt-* SDK)","required":false},{"name":"AZURE_CLIENT_ID","purpose":"Azure CIS benchmark checks — service principal client ID","required":false},{"name":"AZURE_CLIENT_SECRET","purpose":"Azure CIS benchmark checks — service principal secret","required":false},{"name":"GOOGLE_APPLICATION_CREDENTIALS","purpose":"GCP CIS benchmark checks (google-cloud-* SDK)","required":false},{"name":"SNOWFLAKE_ACCOUNT","purpose":"Snowflake CIS benchmark checks","required":false},{"name":"SNOWFLAKE_USER","purpose":"Snowflake CIS benchmark checks","required":false},{"name":"SNOWFLAKE_PRIVATE_KEY_PATH","purpose":"Snowflake key-pair auth (CI/CD)","required":false},{"name":"SNOWFLAKE_AUTHENTICATOR","purpose":"Snowflake auth method (default: externalbrowser SSO)","required":false}],"optional_bins":[],"emoji":"✅","homepage":"https://github.com/msaad00/agent-bom","source":"https://github.com/msaad00/agent-bom","license":"Apache-2.0","os":["darwin","linux","windows"],"data_flow":"OWASP/NIST/EU AI Act/MITRE/SBOM evaluation is purely local — zero network calls. CIS benchmark checks (optional, user-initiated) call cloud provider APIs (AWS/Azure/GCP/Snowflake) using locally configured credentials. No data is stored or transmitted beyond the cloud provider's own API. File reads are limited to user-provided SBOMs and policy files.","file_reads":["user-provided SBOM files (CycloneDX/SPDX JSON)","user-provided policy files (YAML/JSON policy-as-code)"],"file_writes":[],"network_endpoints":[{"url":"https://*.amazonaws.com","purpose":"AWS CIS benchmark checks — read-only API calls (IAM, S3, CloudTrail, etc.)","auth":true,"optional":true},{"url":"https://management.azure.com","purpose":"Azure CIS benchmark checks — read-only API calls (Azure Resource Manager)","auth":true,"optional":true},{"url":"https://*.googleapis.com","purpose":"GCP CIS benchmark checks — read-only API calls (Cloud Resource Manager, IAM, etc.)","auth":true,"optional":true},{"url":"https://*.snowflakecomputing.com","purpose":"Snowflake CIS benchmark checks — read-only API calls (ACCOUNT_USAGE views)","auth":true,"optional":true}],"telemetry":false,"persistence":false,"privilege_escalation":false,"always":false,"autonomous_invocation":"restricted"}} |