Releases: saasvista/aibom-scanner

v1.0.0 — AI SDK Scanner with Compliance Risk Mapping

09 Apr 17:39

What's New

aibom-scanner scans codebases for AI SDK usage and maps compliance risks to NIST AI RMF, ISO 42001, and the EU AI Act.

Features

  • 61 detection patterns across 30+ AI providers (OpenAI, Anthropic, Google AI, AWS Bedrock, Cohere, Mistral, Groq, and more)
  • 10 Chinese AI providers with US BIS Entity List flagging — Zhipu, iFlytek, SenseTime trigger CRITICAL findings
  • Agentic AI detection — CrewAI, AutoGen, LangGraph, Semantic Kernel, MCP
  • 34 risk rules across 8 categories with evidence-qualified severity
  • 48 compliance controls mapped to NIST AI RMF (23), ISO 42001 (15), EU AI Act (10)
  • Secrets detection — hardcoded API keys, Vault, AWS Secrets Manager, dotenv
  • Dev tool detection — Cursor, GitHub Copilot, Claude Code, Aider
  • Output formats — table (terminal), JSON, SARIF (GitHub Code Scanning)
  • GitHub Action for CI integration
  • Zero dependencies beyond Python stdlib
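The following is an added illustration of the kind of scanning the feature list describes (SDK import detection, a hardcoded-key check, a severity tier per provider, and SARIF output); it is not aibom-scanner's own code and does not reproduce its 61 patterns or 34 rules. The rule ids, the regexes, the severity tiers, the `example_restricted_sdk` placeholder standing in for a provider that would be flagged CRITICAL, and the sample files are all constructed for this example.

```python
"""Added illustration (not aibom-scanner's own code): a minimal AI SDK
detector that scans source text for provider imports and hardcoded API
keys, assigns a severity tier, and emits SARIF 2.1.0-style results.
Patterns, rule ids, tiers and sample files are constructed for this example."""
import json
import re
from dataclasses import dataclass

# Constructed detection patterns: (rule id, provider, regex, severity).
# "example_restricted_sdk" is a placeholder for a provider the scanner would
# flag as CRITICAL; it is not a real package name.
PATTERNS = [
    ("AI001", "OpenAI", re.compile(r"^\s*(?:import|from)\s+openai\b", re.M), "MEDIUM"),
    ("AI002", "Anthropic", re.compile(r"^\s*(?:import|from)\s+anthropic\b", re.M), "MEDIUM"),
    ("AI003", "LangGraph (agentic)", re.compile(r"^\s*(?:import|from)\s+langgraph\b", re.M), "HIGH"),
    ("AI099", "example_restricted_sdk (placeholder)",
     re.compile(r"^\s*(?:import|from)\s+example_restricted_sdk\b", re.M), "CRITICAL"),
]
# Constructed secret pattern: a quoted literal shaped like an "sk-" style API key.
SECRET_RE = re.compile(r"""["'](sk-[A-Za-z0-9]{20,})["']""")

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}
SARIF_LEVEL = {"LOW": "note", "MEDIUM": "warning", "HIGH": "error", "CRITICAL": "error"}


@dataclass
class Finding:
    rule_id: str
    path: str
    line: int
    message: str
    severity: str


def _line_of(text, offset):
    # 1-based line number of a match offset within the file text.
    return text.count("\n", 0, offset) + 1


def scan_text(path, text):
    """Return findings for one file: SDK imports first, then key literals."""
    findings = []
    for rule_id, provider, regex, severity in PATTERNS:
        for m in regex.finditer(text):
            findings.append(Finding(rule_id, path, _line_of(text, m.start()),
                                    f"{provider} SDK import", severity))
    for m in SECRET_RE.finditer(text):
        findings.append(Finding("SEC001", path, _line_of(text, m.start()),
                                "hardcoded API key literal", "HIGH"))
    return findings


def scan_files(files):
    """Scan a {path: text} mapping (a stand-in for walking a repository)."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


def summarize(findings):
    """Count findings per severity tier."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def max_severity(findings):
    """Highest tier present, or None when the scan is clean."""
    if not findings:
        return None
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__)


def to_sarif(findings):
    """Build a SARIF 2.1.0 log so a CI code-scanning step can ingest it."""
    results = [{
        "ruleId": f.rule_id,
        "level": SARIF_LEVEL[f.severity],
        "message": {"text": f.message},
        "properties": {"severity": f.severity},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": f.path},
            "region": {"startLine": f.line},
        }}],
    } for f in findings]
    return {
        "version": "2.1.0",
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "runs": [{"tool": {"driver": {"name": "example-ai-sdk-scan"}},
                  "results": results}],
    }


# Constructed sample repository: the key literal below is fake.
SAMPLE_FILES = {
    "app/chat.py": 'import openai\n\nclient = openai.OpenAI(api_key="sk-abcdefghijklmnopqrstuvwxyz0123")\n',
    "agents/graph.py": "from langgraph.graph import StateGraph\n",
    "vendor/legacy.py": "import example_restricted_sdk\n",
    "README.md": "No AI SDK here.\n",
}

if __name__ == "__main__":
    found = scan_files(SAMPLE_FILES)
    print(summarize(found), max_severity(found))
    print(json.dumps(to_sarif(found), indent=2))
```

Running the module prints the per-tier counts, the highest tier (CRITICAL, from the placeholder provider), and the SARIF log; a CI gate would typically fail the job when `max_severity` reaches a chosen threshold.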

Quick Start

pip install aibom-scanner
aibom-scanner scan --path /your/repo

What We Found

We scanned 5 popular AI repos (470K combined GitHub stars): 389 AI detections, 116 compliance findings, zero governance controls fully mapped. One had a BIS Entity-Listed Chinese AI provider nobody knew about.