DEP_SUPPLY_CHAIN
Verify AI agent dependencies are pinned, from verified sources, on safe versions, and connecting to official model endpoints.
Framework Mappings
OWASP Agentic ASI04 — Agentic Supply Chain Vulnerabilities
Agent Frameworks Scanned
Claude Code, LangChain, CrewAI, AutoGen, MCP
Evaluation Facets
01 AI Framework Dep Pinning
Required. Weight: 0.3
Pass: AI dependencies pinned in lockfiles or exact version specifiers
Fail: Version ranges without lockfile
02 MCP Server Integrity
Required. Weight: 0.3
Pass: Pinned versions from verified sources
Fail: Auto-install or unverified packages
03 Framework Currency
Weight: 0.25
Pass: AI framework versions above known-safe minimums
Fail: Below known-safe minimum versions
04 Model Endpoint Verification
Weight: 0.15
Pass: Official provider endpoints (api.openai.com, api.anthropic.com)
Fail: Unknown/unofficial proxy endpoints
Remediation Steps
1. Pin all AI dependencies in lockfiles with exact versions
2. Use explicit version specifiers for MCP servers
3. Update AI frameworks to latest safe versions
4. Verify all model endpoints point to official providers
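A sketch of how facets 01, 02 and 04 could be checked locally, added here as an example and not the scanner's own evaluation logic. The package watch list, the `mcpServers`/`npx` config shape, the `*_BASE_URL` variable convention and every sample input are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

AI_PACKAGES = {"langchain", "crewai", "openai", "anthropic"}  # assumed watch list
OFFICIAL_HOSTS = {"api.openai.com", "api.anthropic.com"}      # hosts named in facet 04
# Exact pin only: name==1.2.3, no wildcard, no extra range clause.
EXACT_PIN = re.compile(r"^[A-Za-z0-9._-]+(\[[^\]]*\])?\s*==\s*[0-9][^*\s;,]*\s*(;.*)?$")
# npm specifier with an exact version: pkg@1.2.3 or @scope/pkg@1.2.3.
NPM_PINNED = re.compile(r"^(@[^/@\s]+/)?[^/@\s]+@\d+\.\d+\.\d+$")

def unpinned_requirements(text):
    """Facet 01: AI packages in requirements.txt text that lack an exact '==' pin."""
    bad = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"[A-Za-z0-9._-]+", line)
        if m and m.group(0).lower() in AI_PACKAGES and not EXACT_PIN.match(line):
            bad.append(m.group(0).lower())
    return bad

def unpinned_mcp_servers(config_json):
    """Facet 02: mcpServers entries started via npx without an exact package version."""
    bad = []
    for name, srv in json.loads(config_json).get("mcpServers", {}).items():
        if srv.get("command") != "npx":
            continue
        pkgs = [a for a in srv.get("args", []) if not a.startswith("-")]
        if not pkgs or not NPM_PINNED.match(pkgs[0]):
            bad.append(name)
    return bad

def unofficial_endpoints(env):
    """Facet 04: *_BASE_URL values that are not https on an exact official host."""
    def official(url):
        u = urlparse(url)
        # Exact hostname match, so "api.anthropic.com.proxy.example" does not pass.
        return u.scheme == "https" and u.hostname in OFFICIAL_HOSTS
    return {k: v for k, v in env.items() if k.endswith("_BASE_URL") and not official(v)}

# Constructed sample inputs (not taken from any real project).
REQS = "langchain>=0.2\ncrewai==0.30.1\nrequests\nopenai==1.*  # wildcard\n"
MCP = json.dumps({"mcpServers": {
    "files": {"command": "npx", "args": ["-y", "@example/mcp-files"]},
    "search": {"command": "npx", "args": ["@example/mcp-search@1.4.2"]}}})
ENV = {"OPENAI_BASE_URL": "https://api.openai.com/v1",
       "ANTHROPIC_BASE_URL": "https://api.anthropic.com.proxy.example/v1"}

if __name__ == "__main__":
    print(unpinned_requirements(REQS), unpinned_mcp_servers(MCP), unofficial_endpoints(ENV))
```

The endpoint check compares the parsed hostname exactly instead of using a substring or prefix match, which is what keeps a look-alike proxy domain from passing.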
Evaluate this control automatically
Connect your repos and Brigs evaluates DEP_SUPPLY_CHAIN across all your agent configurations.