AIBOM Support

SBOM Observer now recognizes CycloneDX 1.6 AI BOMs. When an uploaded SBOM contains machine-learning-model components with model cards, Observer automatically tags the attestation as AIBOM and surfaces the model metadata in the component detail view.

Model Card Details

Model card data from the SBOM is displayed directly on the component detail page:

• Model parameters — task, architecture family, architecture, inputs/outputs.
• Quantitative analysis — performance metrics with optional confidence intervals and slices.
• Considerations — intended users, use cases, technical limitations, ethical considerations, environmental impact (energy consumption, CO₂), and fairness assessments.
• Properties — any additional key/value metadata embedded in the model card.

Model Insights (HuggingFace)

For components with a HuggingFace package URL (pkg:huggingface/…), a Model Insights tab appears with live data fetched from the HuggingFace API:

• Overview: author, pipeline tag, library, architecture, downloads, likes.
• Safetensors: total parameter count and tensor types (probed via range requests when not in the API response).
• Tags, card data (license, language, datasets, base model).
• Full README rendered as markdown.

Supplier identification

Suppliers referenced in AIBOMs are extracted and appear in the suppliers table like any other SBOM.