saasvista

Scan codebases for AI SDK usage and map compliance risks to NIST AI RMF, ISO 42001, and EU AI Act

Found Apr 11, 2026 at 12 stars.
Language: Python

AI Summary

A scanning tool that examines software projects for AI service usage and highlights compliance risks mapped to standards like NIST AI RMF, ISO 42001, and EU AI Act.

How It Works

1
🔍 Discover the AI checker

A CLI that inspects a software project for AI SDK usage and reports compliance gaps against NIST AI RMF, ISO 42001, and the EU AI Act.

2
📥 Get the tool ready

Install it by following the project's setup guide; it is pure-stdlib Python with no third-party dependencies.

3
📁 Pick your project folder

Point the scanner at the directory holding the project's source with `--path` (`.` for the current checkout).

4
Start the scan

Run `aibom-scanner scan --path .`; it walks the tree looking for AI SDK imports, agentic frameworks, and hardcoded secrets.

5
📊 Review your report

The output (table, JSON, or SARIF) lists the AI providers in use and each risk finding, mapped to the relevant clauses of the standards above.

6
Stay safe and compliant

With the AI inventory in hand, fix the flagged issues and gate CI on them: `--severity-threshold high` fails the run as soon as a high-severity finding appears.

AI-Generated Review

What is aibom-scanner?

aibom-scanner is a Python CLI that scans codebases and GitHub repos for AI SDK usage and generates an AI Bill of Materials (AIBOM), with each finding's compliance risk mapped to NIST AI RMF, ISO 42001, and the EU AI Act. `aibom-scanner scan --path .` detects 61 AI providers (OpenAI, Anthropic, and Chinese vendors flagged for export risk, among others), plus hardcoded secrets and agentic frameworks. Output is a table, JSON, or SARIF for CI integration. It has zero third-party dependencies (pure stdlib), which keeps its own install footprint out of the dependency tree it is auditing while it surfaces untracked AI dependencies.

Why is it gaining traction?

GitHub Action support for scanning pull requests, SARIF output that lands as native Code Scanning alerts, and risk rules for high-stakes issues such as BIS Entity List violations or missing data processing agreements (DPAs). Unlike generic dependency scanners, it targets AI-specific risk: providers with export or jurisdiction concerns, hardcoded API keys, and agentic frameworks, with severity qualified by code context such as whether user input reaches the call. The `--severity-threshold high` option fails the CI run fast when a high-severity finding appears.
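As an added example (not aibom-scanner's code, and not taken from its repository), here is the pipeline described in the How It Works steps and in this review, reduced to pure-stdlib Python: walk a project tree, detect AI SDK imports and a hardcoded key, bump severity when untrusted input reaches the same file, emit SARIF, and gate on a severity threshold. The provider catalogue, the key regex, the severities, the `input()`/`sys.argv`/`request.*` context heuristic and the sample files are all constructed assumptions, not the project's rules.

```python
"""Toy AI bill-of-materials (AIBOM) scanner in pure stdlib.

Added example, not aibom-scanner's code. Provider catalogue, key pattern,
severities, context heuristic and sample sources are all hypothetical.
"""
import ast
import json
import os
import re
import tempfile

# Hypothetical catalogue: import root -> (provider, category, base severity).
PROVIDERS = {
    "openai": ("OpenAI", "llm-api", "medium"),
    "anthropic": ("Anthropic", "llm-api", "medium"),
    "langchain": ("LangChain", "agentic-framework", "medium"),
    "crewai": ("CrewAI", "agentic-framework", "medium"),
}
# Constructed key shape (sk-... prefix); a real scanner carries many more.
SECRET_PATTERNS = {"hardcoded-api-key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")}
# Hypothetical context heuristic: an AI SDK in a file that reads untrusted input is bumped one level.
USER_INPUT_RE = re.compile(r"\binput\(|\bsys\.argv\b|\brequest\.(?:args|form|json)\b")
RANK = {"low": 1, "medium": 2, "high": 3}
BUMP = {"low": "medium", "medium": "high", "high": "high"}

def ai_imports(tree):
    """Yield (top-level module, line) for each absolute import in a parsed module."""
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                yield alias.name.split(".")[0], node.lineno
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            yield node.module.split(".")[0], node.lineno

def scan_file(path):
    """Return finding dicts for one Python file: SDK imports plus hardcoded keys."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    findings, reads_input = [], bool(USER_INPUT_RE.search(text))
    try:
        tree = ast.parse(text, filename=path)
    except SyntaxError:
        tree = None  # unparsable file: skip imports, still scan for secrets
    for root, line in (ai_imports(tree) if tree is not None else []):
        if root in PROVIDERS:
            provider, category, severity = PROVIDERS[root]
            findings.append({"rule": "ai-sdk/" + category, "provider": provider,
                             "severity": BUMP[severity] if reads_input else severity,
                             "file": path, "line": line, "user_input_reachable": reads_input})
    for rule, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(text):
            findings.append({"rule": rule, "provider": None, "severity": "high",
                             "file": path, "line": text.count("\n", 0, m.start()) + 1,
                             "user_input_reachable": reads_input})
    return findings

def scan_tree(root):
    """Walk a project directory and scan every .py file, skipping VCS/venv dirs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d not in {".git", ".venv", "node_modules"})
        for name in sorted(filenames):
            if name.endswith(".py"):
                findings.extend(scan_file(os.path.join(dirpath, name)))
    return findings

def to_sarif(findings):
    """Minimal SARIF 2.1.0 log, the shape GitHub Code Scanning ingests."""
    results = [{"ruleId": f["rule"], "level": "error" if f["severity"] == "high" else "warning",
                "message": {"text": "%s (%s)" % (f["provider"] or "secret", f["severity"])},
                "locations": [{"physicalLocation": {"artifactLocation": {"uri": f["file"]},
                                                    "region": {"startLine": f["line"]}}}]}
               for f in findings]
    return {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "toy-aibom"}}, "results": results}]}

def exceeds_threshold(findings, threshold="high"):
    """True if any finding is at or above the threshold: the CI fail-fast gate."""
    return any(RANK[f["severity"]] >= RANK[threshold] for f in findings)

def build_sample_repo():
    """Write a constructed three-file project to a temp dir and return its path."""
    app = os.path.join(tempfile.mkdtemp(prefix="aibom-demo-"), "app")
    os.makedirs(app)
    samples = {  # constructed sources: SDK only; SDK + agent + user input; fake key
        "batch.py": "import anthropic\n",
        "chat.py": "import openai\nfrom langchain.agents import AgentExecutor\nprompt = input('> ')\n",
        "settings.py": "API_KEY = 'sk-" + "A" * 24 + "'\n",
    }
    for name, body in samples.items():
        with open(os.path.join(app, name), "w") as fh:
            fh.write(body)
    return os.path.dirname(app)

if __name__ == "__main__":
    results = scan_tree(build_sample_repo())
    print(json.dumps(to_sarif(results), indent=2))
    raise SystemExit(1 if exceeds_threshold(results, "high") else 0)
```

Running the file scans the constructed project and exits 1 because the `high` threshold is hit, which is the behaviour a CI gate needs. The file with only `import anthropic` stays at medium, while the same SDK next to `input()` is promoted to high; that is the kind of context qualification the review refers to. A real scanner would also cover non-Python sources, verify key entropy rather than trust a prefix, and attach the standard clauses to each rule.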

Who should use this?

Security engineers inventorying AI SDK usage, agentic frameworks, and hardcoded credentials across codebases and GitHub repos. Compliance leads auditing codebases against NIST AI RMF, ISO 42001, or the EU AI Act ahead of an audit. AI/ML teams building agentic apps with LangChain or CrewAI who need to map governance gaps quickly.

Verdict

Promising beta for AI compliance scanning: solid docs, 43/43 tests passing, Apache license. Only 12 stars and a 1.0% credibility score signal early days, so try it on non-critical repos first and treat its detections as a starting inventory rather than a complete one. Worth a spin if EU AI Act deadlines loom.
