agent-bom v0.75.12

What's Changed

• Fix post-release hygiene: uv.lock, demo, dist cleanup by @msaad00 in #1128
• Fix self-scan, provenance export, and release surface alignment by @msaad00 in #1129
• feat(cli): add first-class skills scan and verify by @msaad00 in #1139
• chore(deps): bump dependabot/fetch-metadata from 2.5.0 to 3.0.0 by @dependabot[bot] in #1138
• chore(deps): bump sigstore/cosign-installer from 4.1.0 to 4.1.1 by @dependabot[bot] in #1132
• chore(deps): bump recharts from 3.8.0 to 3.8.1 in /ui by @dependabot[bot] in #1136
• chore(deps): bump @xyflow/react from 12.10.1 to 12.10.2 in /ui by @dependabot[bot] in #1134
• chore(deps): bump @dagrejs/dagre from 2.0.4 to 3.0.0 in /ui by @dependabot[bot] in #1133
• chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 by @dependabot[bot] in #1131
• chore(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @dependabot[bot] in #1130
• Fix filesystem scan output credibility by @msaad00 in #1140
• Improve advisory labeling and resolver continuity by @msaad00 in #1141
• Add live MCP tool capability risk scoring by @msaad00 in #1142
• Harden npm version resolution backpressure by @msaad00 in #1143
• Align CLI first-run and quickstart surfaces by @msaad00 in #1144
• Polish dashboard hero and graph visuals by @msaad00 in #1145
• Tighten remediation JSON and posture messaging by @msaad00 in #1146
• fix(ui): align eslint with next peer range by @msaad00 in #1147
• fix(scorecard): resolve source metadata before enrichment by @msaad00 in #1148
• chore: prepare 0.75.12 release by @msaad00 in #1149
• fix: close final 0.75.12 carry-forwards by @msaad00 in #1150
• docs: polish release audit cosmetics by @msaad00 in #1151
• docs: sharpen CI/CD and enterprise adoption paths by @msaad00 in #1152

Full Changelog: v0...v0.75.12

agent-bom v0.75.11

What's Changed

• Add CWE impact classification engine and CLI UX improvements by @msaad00 in #1116
• Wire CWE-aware filtering into blast radius construction by @msaad00 in #1117
• Fix compliance framework count and README cleanup by @msaad00 in #1118
• Harden supply chain pinning and add dynamic framework count by @msaad00 in #1119
• Polish CLI output, fix Dockerfile hash pinning, refresh demo by @msaad00 in #1122
• Add reachability context to SARIF/VEX and dependency confusion detection by @msaad00 in #1123
• Fix demo enrichment, show unscored vulns, enable Rich colors by @msaad00 in #1124
• Add CWE impact to check command, condense discovery output by @msaad00 in #1125
• README overhaul, proxy detector telemetry, docs alignment by @msaad00 in #1126
• chore: release 0.75.11 by @msaad00 in #1127

Full Changelog: v0...v0.75.11

agent-bom v0.75.10

What's Changed

• Refresh stale 0.75.9 demo asset by @msaad00 in #1107
• Stabilize requests and UI dependency advisories by @msaad00 in #1108
• Tighten final 0.75.10 stability edges by @msaad00 in #1109
• chore(deps): bump cryptography from 46.0.5 to 46.0.6 by @dependabot[bot] in #1110
• Harden runtime stdin and Slack delivery reporting by @msaad00 in #1111
• Polish release surfaces and fix offline demo DB path by @msaad00 in #1112
• Polish hero demo and release positioning by @msaad00 in #1113
• Align release-facing surfaces before 0.75.10 by @msaad00 in #1114
• chore: release 0.75.10 by @msaad00 in #1115

Full Changelog: v0...v0.75.10

agent-bom v0.75.9

What's Changed

• Fix MCP registry publish diagnostics by @msaad00 in #1097
• Fix MCP Registry PyPI publish marker by @msaad00 in #1098
• Align 0.75.8 release surfaces and claims by @msaad00 in #1099
• Harden final OpenSSF release surfaces by @msaad00 in #1100
• Add non-failing mode for package checks by @msaad00 in #1101
• Harden project-scoped scan coverage by @msaad00 in #1102
• Guard MCP and PyPI release metadata by @msaad00 in #1103
• Harden npm version resolution continuity by @msaad00 in #1104
• Align release-facing surfaces before republish by @msaad00 in #1105
• chore: bump version to 0.75.9 by @msaad00 in #1106

Full Changelog: v0...v0.75.9

agent-bom v0.75.8

What's Changed

• Harden release consistency and storefront automation by @msaad00 in #1090
• Split PyPI storefront from GitHub README by @msaad00 in #1091
• Salvage runtime BOM diff improvements by @msaad00 in #1092
• Harden workflow permissions and review noise by @msaad00 in #1093
• Tighten workflow perms and pin pip bootstrap by @msaad00 in #1094
• chore: bump version to 0.75.8 by @msaad00 in #1095

Full Changelog: v0...v0.75.8

agent-bom v0.75.7

What's Changed

• Align 0.75.7 release version and guard tags by @msaad00 in #1089

Full Changelog: v0...v0.75.7

agent-bom v0.75.6

What's Changed

• Guard Trivy SARIF upload on rescan by @msaad00 in #1087
• Upgrade runtime zlib for release image by @msaad00 in #1088

Full Changelog: v0.75.5...v0.75.6

agent-bom v0.75.3

What's Changed

• fix: Codex audit v3 — no-scan network, offline messaging, skills sync by @msaad00 in #1045
• fix: --no-scan skips all DB messaging + offline clean one-liner by @msaad00 in #1046
• feat: wire NIST 800-53 + FedRAMP + PCI DSS into compliance API (closes #934, #935, #936) by @msaad00 in #1047
• fix: final Codex polish — no-scan DB noise + count drift by @msaad00 in #1048
• chore: bump version to 0.75.3 by @msaad00 in #1049

Full Changelog: v0...v0.75.3

agent-bom v0.75.2

What's Changed

• fix: behavioral correctness — offline, IaC isolation, version (v0.75.2) by @msaad00 in #1039
• fix: --posture flag exposed + offline messaging + field access (Codex v4) by @msaad00 in #1043

Full Changelog: v0...v0.75.2

agent-bom v0.75.1

What's Changed

• docs: update README demo GIF to v0.75.0 by @msaad00 in #1036
• release: v0.75.1 — Codex audit fixes + security hardening by @msaad00 in #1037

Full Changelog: v0...v0.75.1