AI GOVERNANCE DATASET
Inventory the AI inside your software with confidence
AI/ML SDKs, model files, and API keys embedded in your software trigger new obligations under the EU AI Act, NIST AI RMF, and emerging AIBOM standards. The SCANOSS AI Governance Dataset detects AI and ML components across your codebase—down to the snippet—and produces standards-compliant AIBOMs that satisfy governance, procurement, and export control requirements.
Detect AI/ML SDKs, model files, and API keys at snippet level
Cover 150+ AI/ML packages across 12 languages
Generate CycloneDX 1.6 and SPDX-compliant AIBOMs
Detect AI/ML SDKs, model files, and API keys at snippet level
Cover 150+ AI/ML packages across 12 languages
Generate CycloneDX 1.6 and SPDX-compliant AIBOMs
How it works
SCANOSS integrates directly into your developer workflows using lightweight local agents and a real-time scanning engine. It can be embedded within IDEs, CI/CD pipelines, pre-commit hooks, or used via CLI. Code is never uploaded—only SBOM and metadata are processed for analysis, ensuring data sovereignty and privacy.
Step 1:
Run the ai-finder locally
Step 2:
Snippet-level matching surfaces AI/ML SDKs, model files, API keys, and package metadata that manifest-only tools miss
Step 3:
Generate an AIBOM in CycloneDX 1.6 or SPDX AI BOM Profile — consumable by governance dashboards, and SBOM aggregators