Trusera

Trusera / ai-bom

Public

AI Bill of Materials — discover every AI agent, model, and API in your infrastructure

105
32
100% credibility
Found Feb 10, 2026 at 12 stars (9x since).
Language: Python

AI Summary

AI-BOM is an open-source scanner that discovers AI models, agents, APIs, and services across code, containers, cloud setups, and workflows, producing inventory reports with risk scores.

How It Works

1. 📰 Hear about shadow AI: you learn that sneaky AI tools are hiding in projects without anyone noticing, creating security risks.
2. 🔍 Find the AI-BOM tool: you discover this free helper that reveals every hidden AI part in your code and setups.
3. 📥 Get it ready: you add the tool to your computer in moments, no hassle.
4. 🚀 Check your folder: you point it at your project, and it swiftly uncovers all AI agents, models, and connections.
5. 📊 View the report: a clear, colorful list appears showing everything found, with danger levels marked.
6. ⚠️ Spot risks: it flags issues like exposed secrets or outdated parts so you can fix them fast.

Full visibility: you now see all AI in your work, feel secure, and share the report easily.

AI-Generated Review

What is ai-bom?

ai-bom scans your Python projects, Docker setups, cloud IaC, n8n workflows, and even live cloud accounts to uncover hidden AI agents, LLM models, APIs, and frameworks such as LangChain or CrewAI. It generates a standards-compliant AI bill of materials (BOM) in CycloneDX, SARIF, or SPDX3 format, complete with risk scores and compliance checks for the EU AI Act and OWASP. Run `ai-bom scan .` for an instant inventory: a bill of materials tailored to shadow AI rather than only traditional dependencies.

Why is it gaining traction?

Unlike Trivy or Syft, which miss AI entirely, ai-bom detects 25+ SDKs across languages, n8n AI nodes, Jupyter notebooks, and cloud services like AWS Bedrock—filling the AI-shaped gap in supply chain tools. CI/CD integration shines: GitHub Actions upload SARIF for code scanning, policy files block critical risks, and diff reports track changes. Developers love the rich CLI table output and dashboard for quick audits.

Who should use this?

DevSecOps engineers who must produce AI inventories before EU AI Act deadlines, platform teams hunting shadow AI in n8n automations or agentic apps, and security leads scanning for hardcoded keys in LangChain pipelines. It also suits enterprises that need example AI BOMs in CycloneDX format or a consistent definition of what a bill of materials must contain across microservices.

Verdict

Solid early bet at 11 stars and 1.0% credibility—mature docs, 81% test coverage, and Apache 2.0 make it production-ready for AI BOM needs today. Grab it if you're building agentic systems; skip if not chasing compliance yet.
