feat: Add AIBoMGen tooling #99
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| { | ||
| "$schema": "https://cyclonedx.org/schema/tool-center-v2.tool.schema.json", | ||
| "specVersion": "2.0", | ||
| "tool": { | ||
| "name": "AIBoMGen CLI Action", | ||
| "publisher": "IDLab, Ghent University, imec", | ||
| "description": "A GitHub Action that generates a CycloneDX AI Bill of Materials for Hugging Face models referenced in a repository using AIBoMGen-cli.", | ||
| "repository_url": "https://github.com/CRACY-project/AIBoMGen-cli-action", | ||
| "capabilities": [ | ||
| "AI/ML-BOM", | ||
| "SBOM" | ||
| ], | ||
| "availability": [ | ||
| "OPEN_SOURCE" | ||
| ], | ||
| "functions": [ | ||
| "AUTHOR" | ||
| ], | ||
| "packaging": [ | ||
| "GITHUB_ACTION" | ||
| ], | ||
| "lifecycle": [ | ||
| "POST-BUILD" | ||
| ], | ||
| "supportedStandards": [ | ||
| "CYCLONEDX" | ||
| ] | ||
| } | ||
| } | ||
| Original file line number | Diff line number | Diff line change | ||
|---|---|---|---|---|
| @@ -0,0 +1,49 @@ | ||||
| { | ||||
| "$schema": "https://cyclonedx.org/schema/tool-center-v2.tool.schema.json", | ||||
| "specVersion": "2.0", | ||||
| "tool": { | ||||
| "name": "AIBoMGen CLI", | ||||
| "publisher": "IDLab, Ghent University, imec", | ||||
| "description": "A Go CLI tool that scans repositories for Hugging Face model usage, generates CycloneDX AI BOMs, validates, enriches, and merges AIBOMs with SBOMs.", | ||||
| "repository_url": "https://github.com/idlab-discover/AIBoMGen-cli", | ||||
| "capabilities": [ | ||||
| "AI/ML-BOM", | ||||
| "SBOM" | ||||
| ], | ||||
| "availability": [ | ||||
| "OPEN_SOURCE" | ||||
| ], | ||||
| "functions": [ | ||||
| "AUTHOR", | ||||
|
Member
There was a problem hiding this comment. I dont see how an GH action might help to author a BOM. https://cyclonedx.github.io/tool-center/#tools_items_functions
Suggested change
Author
There was a problem hiding this comment. This is the cli tool (not the GH action) |
||||
| "ANALYSIS", | ||||
|
Member
There was a problem hiding this comment. I dont see how an SBOM generator acts as a transformer. https://cyclonedx.github.io/tool-center/#tools_items_functions
Author
There was a problem hiding this comment. This cli tool is able to generate AI/ML BOMs in both xml and json format and is able to merge SBOMs with AI/ML BOM components. I understood that merging is a form of "transformation". |
||||
| "TRANSFORM" | ||||
|
Member
There was a problem hiding this comment. I dont see how an SBOM generator acts as a transformer. https://cyclonedx.github.io/tool-center/#tools_items_functions
Author
There was a problem hiding this comment. This cli tool is able to generate AI/ML BOMs in both xml and json format and is able to merge SBOMs with AI/ML BOM components. I understood that merging is a form of "transformation". |
||||
| ], | ||||
| "transform": [ | ||||
| "BOM_SERIALIZATION_FORMAT", | ||||
| "BOM_VERSION" | ||||
| ], | ||||
| "packaging": [ | ||||
| "COMMAND_LINE_UTILITY", | ||||
| "LIBRARY", | ||||
| "APPLICATION" | ||||
| ], | ||||
| "library": [ | ||||
| "GO" | ||||
| ], | ||||
| "platform": [ | ||||
| "LINUX", | ||||
| "MAC", | ||||
| "WINDOWS" | ||||
| ], | ||||
| "lifecycle": [ | ||||
| "POST-BUILD" | ||||
| ], | ||||
| "supportedStandards": [ | ||||
| "CYCLONEDX" | ||||
| ], | ||||
| "supportedLanguages": [ | ||||
| "PYTHON", | ||||
| "JAVASCRIPT/TYPESCRIPT" | ||||
| ] | ||||
| } | ||||
| } | ||||
| Original file line number | Diff line number | Diff line change | ||
|---|---|---|---|---|
| @@ -0,0 +1,37 @@ | ||||
| { | ||||
| "tool": { | ||||
| "name": "AIBoMGen", | ||||
| "publisher": "IDLab, Ghent University, imec", | ||||
| "description": "A proof-of-concept platform for generating AI Bills of Materials (AIBOMs) during distributed AI model training. This is a reference and research architecture: not meant for production.", | ||||
| "repository_url": "https://github.com/idlab-discover/AIBoMGen", | ||||
| "capabilities": [ | ||||
| "AI/ML-BOM", | ||||
| "SBOM" | ||||
| ], | ||||
| "availability": [ | ||||
| "OPEN_SOURCE" | ||||
| ], | ||||
| "functions": [ | ||||
| "AUTHOR", | ||||
|
Member
There was a problem hiding this comment. I dont see how an GH action might help to author a BOM. https://cyclonedx.github.io/tool-center/#tools_items_functions
Suggested change
Author
There was a problem hiding this comment. This is not the GH action. Same question here: What is meant with "authoring"? |
||||
| "SIGNING/NOTARY" | ||||
| ], | ||||
| "packaging": [ | ||||
| "APPLICATION" | ||||
| ], | ||||
| "lifecycle": [ | ||||
| "BUILD", | ||||
| "POST-BUILD" | ||||
| ], | ||||
| "supportedStandards": [ | ||||
| "CYCLONEDX" | ||||
| ], | ||||
| "cycloneDxVersion": [ | ||||
| "CYCLONEDX_V1.6" | ||||
| ], | ||||
| "supportedLanguages": [ | ||||
| "PYTHON" | ||||
| ] | ||||
| }, | ||||
| "$schema": "https://cyclonedx.org/schema/tool-center-v2.tool.schema.json", | ||||
| "specVersion": "2.0" | ||||
| } | ||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dont see how an GH action might help authoring an BOM.
https://cyclonedx.github.io/tool-center/#tools_items_functions
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you clarify what "authoring" means in this context? Does it strictly mean a human manually writing BOM content, or does it also cover tools that automate BOM creation on behalf of the user? And if the latter doesn't qualify, which functions value would be most appropriate for an automated generator?