AI-BOM v3.0.0 — 13 Scanners, Compliance, Parallel Scanning

@Zie619 released this 10 Feb 13:09 · 184 commits to main since this release

What's New in v3.0.0

Major upgrade from v2.0 → v3.0 with 8,400+ new lines, 69 files changed, and 523 tests.

New Scanners (4)

  • GitHub Actions Scanner — detects AI-powered actions, Copilot integrations, and API keys in workflow files
  • Jupyter Notebook Scanner — parses .ipynb code cells for AI imports, model loading, and API usage
  • Model File Scanner — detects binary model files (.onnx, .pt, .safetensors, .gguf, .tflite, etc.)
  • MCP Config Scanner — scans MCP server configurations (mcp.json, claude_desktop_config.json, .cursor/mcp.json)

New Reporters (3)

  • CSV Reporter — flat tabular output for spreadsheets and data pipelines
  • JUnit XML Reporter — test-suite format for CI/CD integration (Jenkins, GitLab, etc.)
  • Diff Reporter — compare two scans to show new/removed components and risk changes

Compliance Modules (3)

  • OWASP Agentic Top 10 — maps findings to OWASP ASI risk categories (A01–A10)
  • EU AI Act Checker — flags high-risk AI systems per Annex III, checks Article 52/53 transparency
  • License Compliance — detects restrictive model licenses (CC-BY-NC, GPL on commercial projects)

Performance & DX

  • Parallel scanning (--workers N) runs scanners concurrently via ThreadPoolExecutor
  • Incremental cache (--cache) only re-scans changed files (SHA-256 hashing)
  • .ai-bomignore — gitignore-style pattern file to exclude paths from scanning
  • Watch mode (ai-bom watch .) monitors the filesystem for changes and re-scans automatically
  • Scan reliability — UTF-8/latin-1 fallback, symlink cycle detection, binary file detection, 10MB file guard
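
How the incremental cache and the scan-reliability guards listed above can fit together, as an added sketch that is not AI-BOM's own code: all function names, the cache file format and the NUL-byte binary heuristic are assumptions made for illustration.

```python
import hashlib
import json
import os
from pathlib import Path
from typing import Optional

MAX_BYTES = 10 * 1024 * 1024  # 10MB file guard named in the release notes

def load_guarded(path: Path) -> Optional[bytes]:
    """Return file bytes, or None when the file should be skipped."""
    if not path.is_file() or path.stat().st_size > MAX_BYTES:
        return None  # dangling symlink, special file, or oversized file
    data = path.read_bytes()
    # NUL byte in the first 8 KiB as the binary heuristic (assumption)
    return None if b"\x00" in data[:8192] else data

def decode(data: bytes) -> str:
    """UTF-8 first, then latin-1, which maps every byte and cannot fail."""
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return data.decode("latin-1")

def iter_files(root: Path):
    """Walk root through symlinks, entering each real directory only once."""
    seen = set()
    for dirpath, dirnames, filenames in os.walk(root, followlinks=True):
        real = os.path.realpath(dirpath)
        if real in seen:
            dirnames[:] = []  # symlink cycle: stop descending here
            continue
        seen.add(real)
        for name in sorted(filenames):
            yield Path(dirpath) / name

def changed_files(root: Path, cache_file: Path) -> dict:
    """Return {relative path: text} for files whose SHA-256 digest changed."""
    # cache_file is assumed to live outside root so it is never scanned itself
    old = json.loads(cache_file.read_text()) if cache_file.exists() else {}
    new, changed = {}, {}
    for path in iter_files(root):
        data = load_guarded(path)
        if data is None:
            continue
        rel = str(path.relative_to(root))
        new[rel] = hashlib.sha256(data).hexdigest()
        if old.get(rel) != new[rel]:
            changed[rel] = decode(data)  # only these need re-scanning
    cache_file.write_text(json.dumps(new))
    return changed
```

Hashing the raw bytes rather than the decoded text keeps the digest independent of which decoding path was taken.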

New CLI Commands

  • ai-bom list-scanners — show all registered scanners
  • ai-bom diff scan1.json scan2.json — compare two scan results
  • ai-bom serve --port 8080 — start FastAPI REST API server
  • ai-bom watch . — file watch mode with live re-scanning

Expanded Detection

  • 6 new dependency parsers: Cargo.toml, go.mod, Gemfile, pom.xml, build.gradle, .csproj
  • New API key patterns: Groq (gsk_), Fireworks (fw_), Perplexity (pplx-), Together AI, Mistral
  • 12 new AI packages across Ruby, .NET, Java, and Go ecosystems

Infrastructure

  • Dockerfile — multi-stage build, published to ghcr.io/trusera/ai-bom
  • MkDocs Material documentation site with 14 pages
  • Makefile with 14 build targets
  • Pre-commit hooks — ruff, trailing whitespace, YAML/JSON/TOML validation
  • Issue & PR templates — bug reports, feature requests, detection pattern submissions
  • ARCHITECTURE.md — scanner registry pattern, data flow, risk scoring docs

Install / Upgrade

pip install ai-bom==3.0.0

# With all optional features
pip install "ai-bom[all]==3.0.0"

# Docker
docker pull ghcr.io/trusera/ai-bom:3.0.0

Stats

| Metric | v2.0 | v3.0 |
|---|---|---|
| Scanners | 9 | 13 |
| Output formats | 7 | 9 |
| Tests | 313 | 523 |
| Detection patterns | ~60 | ~100 |
| Compliance frameworks | 0 | 3 |

Full Changelog: v0.1.0...v3.0.0