
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...

Results 248 specification issues

The link is currently broken

documentation

Currently, callstack frames is limited to a single array. https://github.com/CycloneDX/specification/blob/master/schema/bom-1.5.schema.json#L1576C24-L1576C24 This limits the number of evidence to just 1, as shown in the screenshot below: ![Selection_019](https://github.com/CycloneDX/specification/assets/7842/17ded6b2-553b-44b7-8822-6086873cf583) This attribute could become...

proposed core enhancement
breaking-changes
CDX 1.5

Since a var can only have exactly one value, it is desirable to have a constraint that each var is used only once in the context of its `environmentVars` container....

breaking-changes

**Proposal** Base (aka foundation) models are one of the most important pieces of information to know about a given model, according to our research with dozens of AI/ML practitioners. Knowing...

**Goals** As someone who may be reviewing MLBOMs in the future, I don't only want to know the format of each input and output, but what actual inputs/outputs are provided....

proposed core enhancement

as agreed in a meeting with @mrutkows , @stevespringett , @jkowalleck we will keep things as proposed via #222 for a while and revisit and restructure things in a breaking...

breaking-changes
CDX 1.5

Inspired by this blog on the web [sustainability](https://developer.mozilla.org/en-US/blog/introduction-to-web-sustainability/), it would be nice to tag components and services based on factors such as (replicated from the blog): - carbon emissions -...

Generator tools use a data source, such as lock files or package manager command's output, to construct the dependency relationships. Depending on the environment, the version of build tools, and...

Proposal: based on research of model cards across HuggingFace, Google, and Meta, there seems to be a common way of breaking down usage: "direct/intended use," "out of scope" usage, and...

Proposal: ML models have lineages as well, like software libraries. They almost always have a base (aka foundation) model, and may have a parent model that's different from the original...