CLI Commands

cnspec aibom

Generate an AI bill of materials (AIBOM) that inventories AI and ML models across cloud providers, model registries, inference APIs, and local runtimes.

Use cnspec aibom to generate an AI bill of materials (AIBOM) that inventories the AI and ML models in use across cloud providers, model registries, inference APIs, and local runtimes. An AIBOM gives you a clear picture of which models your organization runs and where, so you can govern and secure your AI supply chain.

The following providers are supported:

  • local: Local system (agents, cached models)
  • ollama: Ollama models
  • huggingface: Hugging Face Hub models
  • openai: OpenAI API (models, vector stores, fine-tuning)
  • claude: Anthropic Claude API (models, agents, skills)
  • vllm: vLLM inference server
  • aws: AWS Bedrock and SageMaker
  • gcp: GCP Vertex AI and Model Armor
  • azure: Azure AI Services (OpenAI, Cognitive Services)

The following output formats are supported:

  • markdown (default)
  • json
  • cyclonedx-json
  • cyclonedx-xml

Generate an AIBOM for your local system:

cnspec aibom local

Generate an AIBOM for your local system as JSON:

cnspec aibom local -o json

Generate an AIBOM for an Ollama instance in CycloneDX JSON format:

cnspec aibom ollama -o cyclonedx-json

Generate an AIBOM for an AWS account in CycloneDX JSON format:

cnspec aibom aws -o cyclonedx-json

Options

      --annotation stringToString   Add an annotation to the asset in the form KEY=VALUE (default [])
      --asset-name string           User-override for the asset name
      --discover strings            Enable the discovery of nested assets. Supports: all, auto, container, container-images
  -h, --help                        help for aibom
  -o, --output string               Set output format: markdown, json, cyclonedx-json, cyclonedx-xml (default "markdown")
      --output-target string        Set output target to which the AIBOM report will be written
      --record string               Record all resource calls and use resources in the recording
      --sudo                        Elevate privileges with sudo
      --use-recording string        Use a recording to inject resource data (read-only)

Options inherited from parent commands

      --api-proxy string        Set the proxy for communications with Mondoo Platform API
      --auto-update             Enable automatic provider installation and update (default true)
      --config string           Set config file path (default $HOME/.config/mondoo/mondoo.yml)
      --log-level string        Set the log level: error, warn, info, debug, trace (default "info")
      --logging-config string   Path to a logging configuration file (YAML or JSON) that selects the log writer, level, and writer-specific options
  -v, --verbose                 Enable verbose output

SEE ALSO

On this page