Skip to content

v1.0.5 — Structured Per-Format Findings in SBOM Output

Choose a tag to compare

View all tags
@lab700xdev lab700xdev released this 02 Jun 05:30
· 14 commits to main since this release
v1.0.5
5963113
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's new

Structured Per-Format Findings in SBOM Output — Each machine-learning-model component in the CycloneDX SBOM now carries namespaced aisbom:* properties, so downstream tools (including the aisbom.io viewer) can render per-format scan detail without re-parsing the description string.

  • Pickle / PyTorch: the names of any dangerous globals detected (e.g. os.system, subprocess.Popen) plus an opcode count.
  • SafeTensors: tensor count, dtype set, and header keys.
  • GGUF: architecture, quantization, and metadata key names.
  • Transparency: the Telemetry & Privacy section of the README now documents exactly what the --share upload contains.

What's not changing

All scanner rules, exit codes, command signatures, and the existing SBOM description strings are byte-for-byte identical to v1.0.4. The new properties are purely additive — existing consumers (and the platform's risk regex) are unaffected.

Assets 5
Loading