v0.4.5

@debu-sinha debu-sinha released this 23 Feb 19:21
· 39 commits to main since this release

New Features

  • Inline finding suppression via # agentsec:ignore comments
  • .agentsecignore file support (gitignore-style path exclusions)
  • 5 new LLM provider credential patterns (Mistral, Together, Fireworks, Perplexity, DeepSeek)
  • OWASP ASI06/07/09 coverage: memory manipulation, multi-agent exploitation, audit logging checks
  • SHA-pinned all GitHub Actions in CI workflows
  • Version consistency CI check (tag vs pyproject.toml)
  • Test-context severity downgrade for skill scanner findings

Fixed

  • CycloneDX SBOM generation in publish workflow (v7.x CLI flag compatibility)
  • SBOM no longer included in dist/ (was causing PyPI publish rejection)
  • Attestation subject-path now uses multiline glob patterns
  • Fireworks AI credential pattern now detects fw_ prefix keys

Checks Added

  • CMM-001: World/group-writable memory files
  • CMM-002: Memory persistence without integrity checksums
  • CMA-001: Missing inter-agent authentication
  • CMA-002: Unrestricted agent spawning policies
  • CAL-001: Audit logging disabled
  • CAL-002: No log integrity protection

Stats

  • 425 tests passing, 2 skipped, 4 xfailed
  • 32+ named checks across 4 scanner modules