Hi Team,
Any plans to support generating an AIBOM using Syft or Grype?
Regards,
Anvitha
Hi Anvitha!
In short, yes! We’re currently working on a spike that will try and catalog a few new package types so that they can be added into the SBOM when syft scans sources containing them.
Here is a high-level overview of the formats we’re looking at to try and represent in the syft-json. More work is currently needed to figure out the CycloneDX and SPDX representations.
GGUF (.gguf): Quantized LLMs (llama.cpp, ollama). Binary format with structured metadata + tensors.
Safetensors (.safetensors): HuggingFace default. Secure, zero-copy, JSON metadata + binary tensors.
OCI Image Source: Docker default, OCI images now store model information in the layers. images → model
ONNX (.onnx): Cross-framework standard. Graph + tensors, Protobuf-based. Metadata available.
Are there specific artifact types you’re looking for support for? We’re happy to take any feedback right now while we gather information and look at what can/should be added.
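Added example (not Syft's code and not part of the posts in this thread): how the JSON metadata of a `.safetensors` file from the list above can be read for an inventory entry without touching the tensor data. The function names, the 100 MiB header cap and the sample bytes are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/json"
	"fmt"
	"io"
)

// ReadHeader parses only the safetensors header (8-byte little-endian length N, then N bytes
// of JSON) and returns the "__metadata__" string map plus a tensor count per dtype.
func ReadHeader(r io.Reader) (map[string]string, map[string]int, error) {
	var n uint64
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return nil, nil, err
	}
	if n == 0 || n > 100<<20 { // assumed cap so a hostile length cannot drive allocation
		return nil, nil, fmt.Errorf("implausible header length %d", n)
	}
	var entries map[string]json.RawMessage
	if err := json.NewDecoder(io.LimitReader(r, int64(n))).Decode(&entries); err != nil {
		return nil, nil, err // truncated or non-JSON header
	}
	meta, dtypes := map[string]string{}, map[string]int{}
	for name, msg := range entries {
		if name == "__metadata__" { // free-form string map, not a tensor entry
			if err := json.Unmarshal(msg, &meta); err != nil {
				return nil, nil, err
			}
			continue
		}
		var t struct{ DType string `json:"dtype"` }
		if err := json.Unmarshal(msg, &t); err != nil {
			return nil, nil, err
		}
		dtypes[t.DType]++
	}
	return meta, dtypes, nil
}

func Sample() []byte { // constructed file: length prefix, JSON header, 8 zero data bytes
	h := `{"__metadata__":{"format":"pt"},"w":{"dtype":"F16","shape":[2,2],"data_offsets":[0,8]}}`
	b := make([]byte, 8, len(h)+16)
	binary.LittleEndian.PutUint64(b, uint64(len(h)))
	return append(append(b, h...), make([]byte, 8)...)
}

func main() { fmt.Println(ReadHeader(bytes.NewReader(Sample()))) }
```

Because the length prefix comes from the file itself, it is bounded before anything is allocated, and a file that ends before the declared header length is rejected rather than partially parsed.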
Great to hear!! Thank you so much for the reply. I’m going through what components are used in my organization, I will post my requirements based on exploration. Could you please let me know when this will be released?