BITMAX launches PatchOps Guard v0.9.0

Today, BITMAX CO., LTD officially launches PatchOps Guard v0.9.0 — the most comprehensive open supply chain security platform available. This release represents the culmination of Option 4: full 10-lane coverage spanning traditional CVEs, containers, infrastructure-as-code, secrets, SAST, malicious packages, LLM security, ML model inventory, MCP audit, and AI agent supply chain analysis.

10 security lanes, one platform

Before v0.9.0, supply chain security meant bolting together five or six different tools: Snyk for CVEs, Trivy for containers, tfsec for Terraform, TruffleHog for secrets, and nothing at all for LLM or agent risks. PatchOps Guard consolidates all 10 concerns into a single dashboard with unified findings, a shared policy engine, and one remediation pipeline.

  • CVE Lane: NVD + OSV + GitHub Advisory + CISA KEV + EPSS feeds. 11,500+ exemplar patches.
  • Container Lane: Dockerfile linting + Trivy JSON integration. Detects latest tags, root users, exposed ports.
  • IaC Lane: 1,065+ rules (Trivy/tfsec integrated) for Terraform and CloudFormation. S3 public access, security group ingress, encryption at rest.
  • Secrets Lane: 1,000+ patterns including TruffleHog active verification. API keys, private keys, connection strings, JWTs.
  • SAST Lane: 3,200+ rules (Semgrep CE integrated). SQL injection, XSS, path traversal, deserialization.
  • Malicious Package Lane: 41 behavioral signals across 5 ecosystems with typosquat detection. Install scripts, obfuscated code, data exfiltration, dependency confusion.
  • LLM Guard Lane: OWASP LLM Top 10, 17 rules. Prompt injection, insecure output, model DoS.
  • ML-BOM Lane: CycloneDX 1.6 ML model inventory. HuggingFace pickle scanner included.
  • MCP Audit Lane: Model Context Protocol tool-use analysis. Permission boundaries, input validation.
  • Agent Supply Chain Lane: 7 AI framework detectors (LangChain, LlamaIndex, AutoGPT, CrewAI, DSPy, Semantic Kernel, Haystack).

25-language reachability

v0.9.0 ships tree-sitter reachability analysis for 25 languages, up from 5 in the previous release. The engine achieves precision (P) = recall (R) = F1 = 1.00 on our 97-case real-world benchmark. This means every CVE finding includes a reachability verdict — cutting false positives by 70-85% compared to lockfile-only scanners.

Python SDK and CLI

Install the SDK from PyPI:

pip install patchguard-ai

The SDK provides both sync and async clients for every API endpoint. The CLI (patchops-cli) wraps common workflows: health checks, finding queries, secret scanning, ML-BOM generation, and benchmark execution. Both are documented at patchguard.ai/guide.

Public benchmark leaderboard

We publish a public benchmark comparing PatchOps Guard against 6 competing platforms across 46 metrics and 29 feature categories. Every number is reproducible. We believe transparency drives trust, and trust is the foundation of security tooling.


PatchOps Guard v0.9.0 is live at patchguard.ai. Connect your repositories, generate your first SBOM, and see the AI repair pipeline in action. Free tier available. Enterprise pricing for teams that need SCIM, air-gapped Helm charts, and SOC 2 compliance documentation.