csoai.org/aibom/{build_sha256}.cdx.json · .spdx.json · .intoto.jsonlEvery regulated AI deployment reaches a point where a buyer's CISO, their EU CRA conformity assessor, the EU AI Office, US FedRAMP, or the UK NCSC asks the same six questions:
This card answers all six in one place, with machine-readable artefacts for automated ingestion and human-readable summary for procurement / legal / CISO review.
| Format | Standard | Endpoint | Buyer tooling |
|---|---|---|---|
| CycloneDX 1.6 | OWASP CycloneDX | csoai.org/aibom/{build}.cdx.json | Dependency-Track · OWASP Dependency-Check · jq |
| SPDX 3.0 | Linux Foundation SPDX | csoai.org/aibom/{build}.spdx.json | SPDX Tools · ClearlyDefined · ORT |
| in-toto L3 attestation | SLSA v1.0 L3 | csoai.org/aibom/{build}.intoto.jsonl | slsa-verifier · Witness · Tekton Chains |
All three are regenerated every build. Every artefact is SHA-256 hashed and Ed25519-signed by the build pipeline's SIGIL key. The build pipeline runs in a hermetic, network-isolated environment with reproducible-build guarantees (SLSA L3 source).
DEFONEOS's BOM has 4 layers. Every component at every layer is inventoried, attested, and SIGIL-signed.
| Layer | What it covers | Inventory size | Example entries |
|---|---|---|---|
| L1 · Application | Source code, binaries, container images, configuration | ~800 files · ~150 packages | Python 3.11.9 · PyTorch 2.3.1 · FastAPI 0.115.0 |
| L2 · Model | Model architecture, weights, tokenisers, RLHF preferences | ~15 base models · ~80 LoRA adapters | Qwen3-30B-A3B · SOV3-small-9B · Liquid-KAN-MoE |
| L3 · Data | Training data, evaluation data, calibration data, synthetic data | ~450 datasets · ~30B tokens | Companies House PSC · DVSA MOT 2024 · OGL-UK-3.0 sources |
| L4 · Infrastructure | Hardware, OS, firmware, kernel modules, hypervisor | ~25 base images · ~12 firmware packages | Ubuntu 24.04 LTS · QEMU 9.1 · Intel SGX SDK 2.22 |
The full transitive inventory at L1 alone is ~3,200 direct dependencies and ~28,000 transitive. Of those, ~450 are ML-specific (model checkpoints, tokenisers, RLHF preference sets, evaluation harness components).
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:defoneos-2026-07-14-v0.95.1",
"version": 1,
"metadata": {
"timestamp": "2026-07-14T00:00:00Z",
"tools": {
"components": [{"type": "application", "name": "defoneos-bom-builder", "version": "1.4.2"}]
},
"authors": [{"name": "DEFONEOS Sovereign Build", "email": "build@csoai.org"}],
"component": {
"bom-ref": "defoneos-runtime@v0.95.1",
"type": "application",
"name": "DEFONEOS Sovereign Runtime",
"version": "v0.95.1",
"licenses": [{"license": {"id": "Apache-2.0"}}],
"hashes": [
{"alg": "SHA-256", "content": "abc123..."},
{"alg": "ED25519", "content": "a4f8c2d9e1b3..."}
]
}
},
"components": [
{
"bom-ref": "pkg:pypi/torch@2.3.1",
"type": "library",
"name": "torch",
"version": "2.3.1",
"licenses": [{"license": {"id": "BSD-3-Clause"}}],
"hashes": [{"alg": "SHA-256", "content": "..."}],
"purl": "pkg:pypi/torch@2.3.1",
"externalReferences": [
{"type": "website", "url": "https://pytorch.org"},
{"type": "vcs", "url": "https://github.com/pytorch/pytorch"}
]
},
{
"bom-ref": "model:sov3-small@9b",
"type": "machine-learning-model",
"name": "sov3-small",
"version": "9b",
"licenses": [{"license": {"name": "DEFONEOS-Sovereign-License-1.0"}}],
"hashes": [{"alg": "SHA-256", "content": "..."}]
}
]
}
| Regime | Required content | Where DEFONEOS provides it |
|---|---|---|
| EU CRA Annex I §13 | SBOM + vulnerability handling + 5-year support | CycloneDX 1.6 (§4) + OSV daily scan + 10-year retention (§1) |
| EU AI Act Art-13 | Transparency to deployers · technical documentation | AI-BOM (§3) + Model Card + Data Card + System Card (§6) |
| US EO 14028 | SBOM for federal procurement | SPDX 3.0 + CycloneDX 1.6 + SLSA L3 attestation |
| US EO 14110 | Safe / secure / trustworthy AI development | Model Card + Data Card + Red Team reports (§6) |
| ISO 42001 A.6.7 | AI system lifecycle documentation | All 3 BOMs + Model Card + Data Card + System Card |
| SLSA v1.0 L3 | Hardened build pipeline + provenance | in-toto L3 attestation (§4) + hermetic build + 2-party review |
Beyond the BOM, DEFONEOS publishes three narrative cards per model version:
| Card | Content | Endpoint |
|---|---|---|
| Model Card | Architecture, training procedure, intended use, out-of-scope use, evaluation results (across 12 benchmarks), bias / fairness analysis, environmental cost | csoai.org/models/{model_id}/card.md |
| Data Card | Training data sources, licence posture, PII handling, geographic distribution, known gaps, consent posture | csoai.org/data/{dataset_id}/card.md |
| System Card | End-to-end system description, deployment topology, threat model, attack surface, adversarial test results, red team reports | csoai.org/system/{system_id}/card.md |
The System Card is also filed with UK AISI per UK AI Safety Institute evaluation protocol. DEFONEOS is a UK AISI Voluntary Commitment signatory (filed 2026-06).
csoai.org/advisories| Category | Components | Licence posture |
|---|---|---|
| DEFONEOS core | Runtime, council, build pipeline | Apache-2.0 (open) |
| DEFONEOS sovereign weights | SOV3 small / large, Liquid-KAN, BFT council | DEFONEOS-Sovereign-License-1.0 (commercial, escrow-backed) |
| Open-source dependencies | PyTorch, FastAPI, ONNX, etc. | BSD-3 / Apache-2.0 / MIT — no GPL / AGPL contamination |
| Open data sources | Companies House, DVSA, ONS, EA, OS | OGL-UK-3.0 / CC-BY-4.0 — open, attributed |
| Third-party models | Whisper, CLIP, etc. (only if buyer opts in) | Per-component licence, opt-in only |
| Buyer-supplied data | Customer data, fine-tunes | Buyer licence retained — DEFONEOS holds no derivative rights |
No GPL / AGPL / SSPL contamination in the core stack. Verified by daily ScanCode scan + weekly FOSSology deep scan. Any new dependency with copyleft licence is blocked at PR review.
Every build produces a SIGIL-anchored attestation. The signing chain:
csoai.org/aibom/{build_sha256}.sigBuyers verify any artefact in <100ms: curl https://csoai.org/aibom/verify/{build_sha256} returns the build details + signature status.
| Question | Answer lives in |
|---|---|
| "What is your security architecture?" | defoneos-mod-zero-trust-network-architecture.html |
| "Are you EU CRA ready?" | defoneos-mod-eu-cyber-resilience-act-readiness.html |
| "What is your PMS posture?" | defoneos-mod-post-market-monitoring-plan.html |
| "What are your SLAs?" | defoneos-mod-sla-tier-card.html |
| "What is your insurance cover?" | defoneos-mod-insurance-liability-bridge.html |
curl https://csoai.org/defoneos-mod-ai-bom-sbom-card.html | shasum -a 256csoai.org/aibom/sample.cdx.jsoncsoai.org/aibom/verify/{build_sha256}csoai.org/advisories/subscribecsoai.org/system/sovereign-runtime/card.mdsecurity@csoai.org