Automated CycloneDX 1.6 and SPDX 3.0 AI Bill of Materials generation. Track models, tools, data sources, and dependencies with completeness scoring and signed exports.
Agent registration triggers automatic AIBOM generation. Model fingerprints detected from telemetry events. Framework, tools, and dependencies auto-discovered from SDK metadata. Completeness scoring across 5 categories: Identity (20%), Suppliers (15%), AI System (25%), Model (25%), Datasets (15%).
Full CycloneDX 1.6 ML-BOM specification: component metadata, model cards with architecture and training details, dataset descriptions with governance info, input/output specifications, and ethical considerations. Export as JSON with optional cryptographic signature.
SPDX 3.0 AI Profile fields: type of model, primary purpose, domain, autonomy type, safety risk assessment, limitations, and model explainability. Dual-format export for maximum interoperability. Fleet-wide AIBOM dashboard shows completeness across all agents.
// AIBOM completeness score
{
"overallCompleteness": 82,
"categories": {
"identity": { "score": 95, "weight": "20%" },
"suppliers": { "score": 70, "weight": "15%" },
"aiSystem": { "score": 85, "weight": "25%" },
"model": { "score": 75, "weight": "25%" },
"datasets": { "score": 80, "weight": "15%" }
}
}Export AIBOMs in CycloneDX JSON, SPDX JSON, YAML, or Fleet CSV. Optional signing with the platform Certificate Authority. Signatures include timestamp, signer identity, and hash of the AIBOM content. Verifiable by any standard CycloneDX or SPDX validator.
Automatic AIBOM generation on agent registration
Model fingerprint detection from telemetry metadata
CycloneDX 1.6 ML-BOM specification compliance
SPDX 3.0 AI Profile fields support
Completeness scoring across 5 weighted categories
Cryptographically signed exports with CA verification