Signed-off-by: wievdndr <wiebe.vandendriessche@ugent.be>
| ], | ||
| "functions": [ | ||
| "AUTHOR", | ||
| "ANALYSIS", |
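Review bot: "AUTHOR" and "ANALYSIS" in this "functions" array are not backed by anything visible in these lines. Each listed function should map to a capability the entry's description names, so either extend the description to say what the tool analyzes and how a BOM is authored with it, or drop the function value that has no matching capability.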
I don't see how an SBOM generator acts as a transformer.
could you elaborate on this?
https://cyclonedx.github.io/tool-center/#tools_items_functions
Tools that can analyze CycloneDX BOMs.
This cli tool is able to generate AI/ML BOMs in both xml and json format and is able to merge SBOMs with AI/ML BOM components. I understood that merging is a form of "transformation".
I understood that merging is a form of "transformation".
but what about analysis?
The CLI tool can perform validation and check AIBOM completeness, returning a full report of missing or required fields and a completeness score.
The CLI tool can perform validation and check AIBOM completeness, returning a full report of missing or required fields and a completeness score.
then please describe this capability in the description.
Hey @jkowalleck, quick note on the
The schema defines
All three tools generate BOMs automatically (from training runs or repository scans) not interactively by a human author. Proposed:
yes, please.
Sure, no problem! I'll remove AUTHOR from all three entries right away. Thanks for taking the time to review and clarify :)
Signed-off-by: wievdndr <wiebe.vandendriessche@ugent.be>
@jkowalleck
I really don’t want to rush you, but I was wondering if you might be able to merge this soon. I’d really love to highlight its inclusion in the CycloneDX Tool Center in an upcoming demo for an EU project I’m involved in.
Updated the description to include 'checks completeness' in the AIBoMGen CLI tool details. Signed-off-by: Wiebe Vandendriessche <146532897+wiebe-vandendriessche@users.noreply.github.com>
merged, tool center website was updated.
What is this program called and what is it about? in the meantime, let me check why the
Thanks for merging! I’m a PhD researcher at IDLab, Ghent University, imec, and we’re a partner in the CRACY project, which helps SMEs meet CRA compliance where SBOMs will be mandatory for all software/hardware on the EU market. Part of the project is providing tooling that enhances and boosts SBOM practices. My PhD research focuses on AIBOMs to secure the AI lifecycle, and the tooling I contributed is part of the CRACY project’s effort to deliver SBOM-enhancing FOSS tools. I’ve already joined some OWASP AIBOM project meetings. I’m not yet sure how closely they’ll align with the CycloneDX standard (they probably should), but I’ll make sure to stay updated. I’ve also seen that the OWASP GenAI team has developed an AIBOM tool with functionality similar to my AIBoMGen CLI tool, so it could be interesting to explore potential collaboration or alignment there. I joined the CycloneDX Slack :)
Adds three CycloneDX tool entries for the AIBoMGen project by IDLab, Ghent University, imec:
All three target the CycloneDX AI/ML-BOM capability.