Discover and explore top open-source AI tools and projects—updated daily.
TruseraDiscover and inventory AI components across your infrastructure
Top 92.5% on SourcePulse
Summary
AI-BOM addresses the critical need for discovering and inventorying AI components within software infrastructure, driven by regulations like the EU AI Act and the prevalence of "Shadow AI." It provides developers and security teams with a comprehensive, standards-compliant AI Bill of Materials (SBOM) for security reviews and compliance.
How It Works
A single command (ai-bom scan .) triggers 13 specialized scanners to detect LLM providers, agent frameworks, model references, API keys, AI containers, and cloud AI services across source code, Docker, network, and cloud IaC. Outputs include CycloneDX SBOMs, SARIF, HTML dashboards, and terminal tables. The engine prioritizes speed and cross-language support via regex-based detection and auto-registering scanners.
Quick Start & Requirements
pipx install ai-bom. Alternatives: Python venv or Docker (docker run --rm -v $(pwd):/scan ghcr.io/trusera/ai-bom scan /scan).pipx or venv advised for modern OS environments to bypass system-level pip restrictions. Docker requires a running daemon. Cloud scanning (ai-bom[aws]) needs extra dependencies and permissions.docs/ directory. CI/CD examples are provided in .github/workflows/ and templates/gitlab-ci-ai-bom.yml.Highlighted Details
--fail-on) or fine-grained Cedar policies.Maintenance & Community
Developed by Trusera as the open-source foundation for their commercial platform. Active development is indicated by tagged releases and contribution guidelines. Specific community channels (e.g., Discord, Slack) or individual contributor details are not explicitly listed in the README.
Licensing & Compatibility
AI-BOM is released under the permissive Apache License 2.0. This license allows for broad compatibility with commercial use and integration into closed-source projects without significant copyleft restrictions.
Limitations & Caveats
Deeper scanning capabilities (Docker, network, cloud infrastructure, live cloud services) require additional installations, cloud credentials, and permissions. LLM enrichment necessitates API keys for external services or local model setups. The standalone SDK mode lacks the centralized dashboard, collaboration features, and advanced analytics found in the Trusera platform. Performance benchmarks and potential bus factors are not detailed in the README.
1 month ago
Inactive
n8n-io