Hugging Face's logo

Spaces:
GenAISecurityProject
/
OWASP-AIBOM-Generator
Running

App Files
OWASP-AIBOM-Generator / src /models /field_registry.json
e2hln's picture
e2hln
Upload 44 files
6165ba9 verified
raw
history blame
62.2 kB
{
"registry_metadata": {
"description": "Field registry for configurable AI SBOM generation and scoring"
},
"scoring_config": {
"tier_weights": {
"critical": 3,
"important": 2,
"supplementary": 1
},
"category_weights": {
"required_fields": 20,
"metadata": 20,
"component_basic": 20,
"component_model_card": 30,
"external_references": 10
},
"scoring_profiles": {
"basic": {
"description": "Minimal fields required for identification",
"required_categories": [
"required_fields",
"component_basic"
],
"required_fields": [
"bomFormat",
"specVersion",
"serialNumber",
"version",
"name"
],
"minimum_score": 40,
"weight_multiplier": 1.0
},
"standard": {
"description": "Comprehensive fields for proper documentation",
"required_categories": [
"required_fields",
"metadata",
"component_basic"
],
"required_fields": [
"bomFormat",
"specVersion",
"serialNumber",
"version",
"name",
"downloadLocation",
"primaryPurpose",
"suppliedBy"
],
"minimum_score": 70,
"weight_multiplier": 1.0
},
"advanced": {
"description": "Extensive documentation for maximum transparency",
"required_categories": [
"required_fields",
"metadata",
"component_basic",
"component_model_card",
"external_references"
],
"required_fields": [
"bomFormat",
"specVersion",
"serialNumber",
"version",
"name",
"downloadLocation",
"primaryPurpose",
"suppliedBy",
"type",
"purl",
"description",
"licenses",
"hyperparameter",
"technicalLimitations",
"energyConsumption",
"safetyRiskAssessment",
"typeOfModel"
],
"minimum_score": 85,
"weight_multiplier": 1.0
}
},
"algorithm_config": {
"type": "weighted_sum",
"max_score": 100,
"normalization": "category_based",
"penalty_for_missing_critical": 0.5,
"bonus_for_complete_categories": 0.1
}
},
"aibom_config": {
"structure_template": "cyclonedx_1.6",
"generator_info": {
"name": "owasp-aibom-generator",
"version": "1.0.0",
"manufacturer": "OWASP GenAI Security Project"
},
"generation_rules": {
"include_metadata_properties": true,
"include_model_card": true,
"include_external_references": true,
"include_dependencies": true
},
"validation_rules": {
"require_critical_fields": true,
"validate_jsonpath_expressions": true,
"enforce_cyclonedx_schema": true
}
},
"fields": {
"bomFormat": {
"tier": "critical",
"weight": 4.0,
"category": "required_fields",
"description": "Format identifier for the SBOM",
"jsonpath": "$.bomFormat",
"aibom_generation": {
"location": "$.bomFormat",
"rule": "always_include",
"source_fields": [
"bomFormat"
],
"validation": "required",
"data_type": "string"
},
"scoring": {
"points": 4.0,
"required_for_profiles": [
"basic",
"standard",
"advanced"
],
"category_contribution": 0.2
},
"validation_message": {
"missing": "Missing critical field: bomFormat - essential for SBOM identification",
"recommendation": "Ensure bomFormat is set to 'CycloneDX'"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#bomFormat",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#bomFormat",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/core/"
}
},
"datasets": {
"tier": "important",
"weight": 3.0,
"category": "component_model_card",
"description": "Datasets used for training",
"jsonpath": "$.component.modelCard.modelParameters.datasets",
"aibom_generation": {
"location": "$.component.modelCard.modelParameters.datasets",
"rule": "include_if_available",
"source_fields": [
"datasets",
"dataset",
"data"
],
"validation": "recommended",
"data_type": "array"
},
"scoring": {
"points": 3.0,
"required_for_profiles": [
"standard",
"advanced"
],
"category_contribution": 0.1
},
"validation_message": {
"missing": "Missing field: datasets - training data information important for transparency",
"recommendation": "Add information about the datasets used to train the model"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_modelCard_modelParameters_datasets",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_modelCard_modelParameters_datasets",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/dataset/"
}
},
"paper": {
"tier": "supplementary",
"weight": 2.0,
"category": "external_references",
"description": "Research paper associated with the model",
"jsonpath": "$.metadata.component.externalReferences[?(@.type=='documentation')]",
"aibom_generation": {
"location": "none",
"rule": "include_if_present",
"source_fields": [
"paper"
],
"validation": "optional",
"data_type": "string"
},
"extraction": {
"methods": [
"api"
],
"source_priority": [
"api"
]
},
"scoring": {
"points": 2.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.2
},
"validation_message": {
"missing": "No research paper link found",
"recommendation": "Add ArXiv tag or paper link to model card"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_externalReferences",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_externalReferences",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"vcs": {
"tier": "supplementary",
"weight": 4.0,
"category": "external_references",
"description": "Version control system URL",
"jsonpath": "$.components[0].externalReferences[?(@.type=='vcs')].url",
"aibom_generation": {
"location": "none",
"rule": "include_if_present",
"source_fields": [
"vcs",
"repository"
],
"validation": "optional",
"data_type": "string"
},
"extraction": {
"methods": [
"api"
],
"source_priority": [
"api"
]
},
"scoring": {
"points": 4.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.4
},
"validation_message": {
"missing": "No VCS link found",
"recommendation": "Add repository link to model card"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_externalReferences",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_externalReferences",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"website": {
"tier": "supplementary",
"weight": 4.0,
"category": "external_references",
"description": "Model website or documentation URL",
"jsonpath": "$.components[0].externalReferences[?(@.type=='website')].url",
"aibom_generation": {
"location": "none",
"rule": "include_if_present",
"source_fields": [
"website",
"url"
],
"validation": "optional",
"data_type": "string"
},
"extraction": {
"methods": [
"api"
],
"source_priority": [
"api"
]
},
"scoring": {
"points": 4.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.4
},
"validation_message": {
"missing": "No website link found",
"recommendation": "Add website link to model card"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_externalReferences",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_externalReferences",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"specVersion": {
"tier": "critical",
"weight": 4.0,
"category": "required_fields",
"description": "CycloneDX specification version",
"jsonpath": "$.specVersion",
"aibom_generation": {
"location": "$.specVersion",
"rule": "always_include",
"source_fields": [
"specVersion"
],
"validation": "required",
"data_type": "string"
},
"scoring": {
"points": 4.0,
"required_for_profiles": [
"basic",
"standard",
"advanced"
],
"category_contribution": 0.2
},
"validation_message": {
"missing": "Missing critical field: specVersion - required for CycloneDX compliance",
"recommendation": "Set specVersion to '1.6' for CycloneDX 1.6 compliance"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#specVersion",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#specVersion",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/core/"
}
},
"serialNumber": {
"tier": "critical",
"weight": 4.0,
"category": "required_fields",
"description": "Unique identifier for this SBOM instance",
"jsonpath": "$.serialNumber",
"aibom_generation": {
"location": "$.serialNumber",
"rule": "always_include",
"source_fields": [
"serialNumber"
],
"validation": "required",
"data_type": "string"
},
"scoring": {
"points": 4.0,
"required_for_profiles": [
"basic",
"standard",
"advanced"
],
"category_contribution": 0.2
},
"validation_message": {
"missing": "Missing critical field: serialNumber - unique identifier required",
"recommendation": "Generate a UUID for the SBOM instance"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#serialNumber",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#serialNumber",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/core/"
}
},
"version": {
"tier": "critical",
"weight": 4.0,
"category": "required_fields",
"description": "Version of this SBOM document",
"jsonpath": "$.version",
"aibom_generation": {
"location": "$.version",
"rule": "always_include",
"source_fields": [
"version"
],
"validation": "required",
"data_type": "integer"
},
"scoring": {
"points": 4.0,
"required_for_profiles": [
"basic",
"standard",
"advanced"
],
"category_contribution": 0.2
},
"validation_message": {
"missing": "Missing critical field: version - document version required",
"recommendation": "Set version to 1 for initial SBOM generation"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#version",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#version",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/core/"
}
},
"primaryPurpose": {
"tier": "critical",
"weight": 4.0,
"category": "metadata",
"description": "Primary purpose or task of the AI model",
"jsonpath": "$.component.modelCard.modelParameters.task",
"aibom_generation": {
"location": "$.component.modelCard.modelParameters.task",
"rule": "include_if_available",
"source_fields": [
"primaryPurpose",
"pipeline_tag",
"ai:task"
],
"validation": "recommended",
"data_type": "string"
},
"scoring": {
"points": 4.0,
"required_for_profiles": [
"standard",
"advanced"
],
"category_contribution": 0.2
},
"validation_message": {
"missing": "Missing critical field: primaryPurpose - essential for understanding model intent",
"recommendation": "Add the primary task or purpose of the AI model"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_modelCard_modelParameters_approach",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_modelCard_modelParameters_approach",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"suppliedBy": {
"tier": "critical",
"weight": 4.0,
"category": "metadata",
"description": "Organization or individual that supplied the model",
"jsonpath": "$.component.supplier.name",
"aibom_generation": {
"location": "$.component.supplier",
"rule": "include_if_available",
"source_fields": [
"suppliedBy",
"author",
"publisher"
],
"validation": "recommended",
"data_type": "string"
},
"scoring": {
"points": 4.0,
"required_for_profiles": [
"standard",
"advanced"
],
"category_contribution": 0.2
},
"validation_message": {
"missing": "Missing critical field: suppliedBy - supplier identification required",
"recommendation": "Add the organization or individual who provided the model"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_supplier",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_supplier",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/software/"
}
},
"standardCompliance": {
"tier": "supplementary",
"weight": 1.0,
"category": "metadata",
"description": "Standards or regulations the model complies with",
"jsonpath": "$.metadata.properties[?(@.name=='standardCompliance')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"standardCompliance",
"compliance"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.05
},
"validation_message": {
"missing": "Missing supplementary field: standardCompliance - compliance information helpful",
"recommendation": "Add any relevant standards or regulations the model complies with"
},
"reference_urls": {
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/model/AI/Classes/AIPackage/#AI-standardCompliance",
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"external_references": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_basic",
"description": "Additional external references",
"jsonpath": "$.component.externalReferences",
"aibom_generation": {
"location": "$.component.externalReferences",
"rule": "include_if_available",
"source_fields": [
"external_references",
"references",
"citations"
],
"validation": "optional",
"data_type": "array"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.05
},
"validation_message": {
"missing": "Missing supplementary field: external_references - additional references helpful",
"recommendation": "Add links to papers, documentation, or other resources"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_externalReferences",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_externalReferences",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"domain": {
"tier": "supplementary",
"weight": 1.0,
"category": "metadata",
"description": "Domain or field of application",
"jsonpath": "$.metadata.properties[?(@.name=='domain')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"domain",
"field",
"application_area"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.05
},
"validation_message": {
"missing": "Missing supplementary field: domain - application domain helpful for context",
"recommendation": "Add the domain or field where this model is typically applied"
},
"reference_urls": {
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/model/AI/Classes/AIPackage/#AI-domain",
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"autonomyType": {
"tier": "supplementary",
"weight": 1.0,
"category": "metadata",
"description": "Level of autonomy or human involvement required",
"jsonpath": "$.metadata.properties[?(@.name=='autonomyType')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"autonomyType",
"autonomy_level"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.05
},
"validation_message": {
"missing": "Missing supplementary field: autonomyType - autonomy level information helpful",
"recommendation": "Add information about the level of human oversight required"
},
"reference_urls": {
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/model/AI/Classes/AIPackage/#AI-autonomyType",
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"name": {
"tier": "critical",
"weight": 4.0,
"category": "component_basic",
"description": "Name of the AI model component",
"jsonpath": "$.components[0].name",
"aibom_generation": {
"location": "$.components[0].name",
"rule": "always_include",
"source_fields": [
"name",
"model_name"
],
"validation": "required",
"data_type": "string"
},
"scoring": {
"points": 4.0,
"required_for_profiles": [
"basic",
"standard",
"advanced"
],
"category_contribution": 0.2
},
"validation_message": {
"missing": "Missing critical field: name - essential for model identification",
"recommendation": "Add a descriptive name for the model"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_name",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_name",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/software/"
}
},
"type": {
"tier": "critical",
"weight": 4.0,
"category": "component_basic",
"description": "Type of component (machine-learning-model)",
"jsonpath": "$.components[0].type",
"aibom_generation": {
"location": "$.components[0].type",
"rule": "always_include",
"source_fields": [
"type"
],
"validation": "required",
"data_type": "string"
},
"scoring": {
"points": 4.0,
"required_for_profiles": [
"basic",
"standard",
"advanced"
],
"category_contribution": 0.2
},
"validation_message": {
"missing": "Missing field: type - component type classification needed",
"recommendation": "Set type to 'machine-learning-model' for AI models"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_type",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_type",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/software/"
}
},
"component_version": {
"tier": "critical",
"weight": 4.0,
"category": "component_basic",
"description": "Version of the component",
"jsonpath": "$.components[0].version",
"aibom_generation": {
"location": "$.components[0].version",
"rule": "always_include",
"source_fields": [
"version"
],
"validation": "required",
"data_type": "string"
},
"scoring": {
"points": 4.0,
"required_for_profiles": [
"basic",
"standard",
"advanced"
],
"category_contribution": 0.2
},
"validation_message": {
"missing": "Missing field: version - component version needed",
"recommendation": "Set an appropriate version for the component"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_version",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_version",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/software/"
}
},
"purl": {
"tier": "important",
"weight": 3.0,
"category": "component_basic",
"description": "Package URL identifier",
"jsonpath": "$.components[0].purl",
"aibom_generation": {
"location": "$.components[0].purl",
"rule": "include_if_available",
"source_fields": [
"purl",
"package_url"
],
"validation": "recommended",
"data_type": "string"
},
"scoring": {
"points": 3.0,
"required_for_profiles": [
"standard",
"advanced"
],
"category_contribution": 0.15
},
"validation_message": {
"missing": "Missing field: purl - package URL for identification",
"recommendation": "Add a Package URL (PURL) for the model"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_purl",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_purl",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/software/Package/"
}
},
"description": {
"tier": "important",
"weight": 3.0,
"category": "component_basic",
"description": "Description of the AI model",
"jsonpath": "$.components[0].description",
"aibom_generation": {
"location": "$.components[0].description",
"rule": "include_if_available",
"source_fields": [
"description",
"summary"
],
"validation": "recommended",
"data_type": "string"
},
"scoring": {
"points": 3.0,
"required_for_profiles": [
"standard",
"advanced"
],
"category_contribution": 0.15
},
"validation_message": {
"missing": "Missing field: description - model description helpful for understanding",
"recommendation": "Add a clear description of what the model does"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_description",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_description",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/software/"
}
},
"licenses": {
"tier": "important",
"weight": 3.0,
"category": "component_basic",
"description": "License information for the model",
"jsonpath": "$.components[0].licenses",
"aibom_generation": {
"location": "$.components[0].licenses",
"rule": "include_if_available",
"source_fields": [
"licenses",
"license"
],
"validation": "recommended",
"data_type": "array"
},
"scoring": {
"points": 3.0,
"required_for_profiles": [
"standard",
"advanced"
],
"category_contribution": 0.15
},
"validation_message": {
"missing": "Missing field: licenses - license information important for compliance",
"recommendation": "Add license information for the model"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_licenses",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_licenses",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/simple_licensing/"
}
},
"ethicalConsiderations": {
"tier": "important",
"weight": 2.0,
"category": "component_model_card",
"description": "Ethical considerations and fairness assessments",
"jsonpath": "$.component.modelCard.considerations.ethicalConsiderations[0].description",
"aibom_generation": {
"location": "$.component.modelCard.considerations.ethicalConsiderations",
"rule": "include_if_available",
"source_fields": [
"ethicalConsiderations",
"ethics",
"fairness"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 2.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.067
},
"validation_message": {
"missing": "Missing field: ethicalConsiderations - ethical information is critical",
"recommendation": "Add ethical considerations or fairness assessments"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_modelCard_considerations_ethicalConsiderations",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_modelCard_considerations_ethicalConsiderations",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"energyConsumption": {
"tier": "important",
"weight": 2.0,
"category": "component_model_card",
"description": "Energy consumption information",
"jsonpath": "$.metadata.properties[?(@.name=='energyConsumption')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"energyConsumption",
"energy_usage"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 2.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.067
},
"validation_message": {
"missing": "Missing field: energyConsumption - energy usage information helpful for sustainability",
"recommendation": "Add information about the model's energy consumption"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_modelCard_considerations_environmentalConsiderations_energyConsumptions",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_modelCard_considerations_environmentalConsiderations_energyConsumptions",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"hyperparameter": {
"tier": "important",
"weight": 2.0,
"category": "component_model_card",
"description": "Key hyperparameters of the model architecture",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:hyperparameter')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"hyperparameter",
"hyperparameters",
"training_params"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 2.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.067
},
"validation_message": {
"missing": "Missing field: hyperparameter - training configuration helpful for reproducibility",
"recommendation": "Add key hyperparameters used during model training"
},
"reference_urls": {
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/model/AI/Classes/AIPackage/#AI-hyperparameter",
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"technicalLimitations": {
"tier": "important",
"weight": 2.0,
"category": "component_model_card",
"description": "Known limitations of the model",
"jsonpath": "$.component.modelCard.considerations.technicalLimitations[0]",
"aibom_generation": {
"location": "$.component.modelCard.considerations.technicalLimitations",
"rule": "include_if_available",
"source_fields": [
"technicalLimitations",
"limitations",
"known_issues"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 2.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.067
},
"validation_message": {
"missing": "Missing field: technicalLimitations - limitations information helpful for safety",
"recommendation": "Add known technical limitations of the model"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_modelCard_considerations_technicalLimitations",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_modelCard_considerations_technicalLimitations",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"safetyRiskAssessment": {
"tier": "important",
"weight": 2.0,
"category": "component_model_card",
"description": "Safety and risk assessment information",
"jsonpath": "$.metadata.properties[?(@.name=='safetyRiskAssessment')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"safetyRiskAssessment",
"safety_assessment",
"risk_analysis"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 2.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.067
},
"validation_message": {
"missing": "Missing field: safetyRiskAssessment - safety assessment important for responsible deployment",
"recommendation": "Add safety and risk assessment information"
},
"reference_urls": {
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/model/AI/Classes/AIPackage/#AI-safetyRiskAssessment",
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"intendedUse": {
"tier": "important",
"weight": 2.0,
"category": "component_model_card",
"description": "Intended use cases for the model",
"jsonpath": "$.component.modelCard.considerations.useCases[0]",
"aibom_generation": {
"location": "$.component.modelCard.considerations.useCases",
"rule": "include_if_available",
"source_fields": [
"intendedUse",
"use_cases",
"applications"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 2.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.067
},
"validation_message": {
"missing": "Missing field: intendedUse - intended use information helpful for context",
"recommendation": "Add intended use cases for the model"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_modelCard_considerations_useCases",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_modelCard_considerations_useCases",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"typeOfModel": {
"tier": "important",
"weight": 2.0,
"category": "component_model_card",
"description": "Type or architecture of the model",
"jsonpath": "$.components[0].modelCard.modelParameters.modelArchitecture",
"aibom_generation": {
"location": "$.components[0].modelCard.modelParameters.modelArchitecture",
"rule": "include_if_available",
"source_fields": [
"typeOfModel",
"model_type",
"architecture"
],
"validation": "recommended",
"data_type": "string"
},
"scoring": {
"points": 2.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.067
},
"validation_message": {
"missing": "Missing field: typeOfModel - model architecture information helpful",
"recommendation": "Add the type or architecture of the model (e.g., Transformer, CNN)"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_modelCard_modelParameters_approach",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_modelCard_modelParameters_approach",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"modelExplainability": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Information about model explainability",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:modelCardExplainability')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"modelExplainability",
"explainability",
"interpretability"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: modelExplainability - explainability information helpful for transparency",
"recommendation": "Add information about model explainability or interpretability features"
},
"reference_urls": {
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/model/AI/Classes/AIPackage/#AI-modelExplainability",
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"energyQuantity": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Quantitative energy consumption data",
"jsonpath": "$.metadata.properties[?(@.name=='energyQuantity')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"energyQuantity",
"energy_amount"
],
"validation": "optional",
"data_type": "number"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: energyQuantity - quantitative energy data helpful for sustainability metrics",
"recommendation": "Add specific energy consumption quantities"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_modelCard_considerations_environmentalConsiderations_energyConsumptions_items_activityEnergyCost_value",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_modelCard_considerations_environmentalConsiderations_energyConsumptions_items_activityEnergyCost_value",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"energyUnit": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Unit of measurement for energy consumption",
"jsonpath": "$.metadata.properties[?(@.name=='energyUnit')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"energyUnit",
"energy_unit"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: energyUnit - energy measurement unit helpful for standardization",
"recommendation": "Add the unit of measurement for energy consumption (e.g., kWh, Joules)"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_modelCard_considerations_environmentalConsiderations_energyConsumptions_items_activityEnergyCost_unit",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_modelCard_considerations_environmentalConsiderations_energyConsumptions_items_activityEnergyCost_unit",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"informationAboutTraining": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Information about the training process",
"jsonpath": "$.metadata.properties[?(@.name=='informationAboutTraining')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"informationAboutTraining",
"training_info",
"training_details"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: informationAboutTraining - training details helpful for understanding model development",
"recommendation": "Add information about the training process and methodology"
},
"reference_urls": {
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/model/AI/Classes/AIPackage/#AI-informationAboutTraining",
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"informationAboutApplication": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Information about intended applications",
"jsonpath": "$.metadata.properties[?(@.name=='informationAboutApplication')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"informationAboutApplication",
"application_info",
"intended_use"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: informationAboutApplication - application guidance helpful for proper usage",
"recommendation": "Add information about intended applications and use cases"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_modelCard_considerations_useCases",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_modelCard_considerations_useCases",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"metric": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Performance metrics and evaluation results",
"jsonpath": "$.metadata.properties[?(@.name=='metric')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"metric",
"metrics",
"performance"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: metric - performance metrics helpful for evaluation",
"recommendation": "Add performance metrics and evaluation results"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_modelCard_quantitativeAnalysis_performanceMetrics",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_modelCard_quantitativeAnalysis_performanceMetrics",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"metricDecisionThreshold": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Decision thresholds for metrics",
"jsonpath": "$.metadata.properties[?(@.name=='metricDecisionThreshold')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"metricDecisionThreshold",
"decision_threshold",
"threshold"
],
"validation": "optional",
"data_type": "number"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: metricDecisionThreshold - decision thresholds helpful for operational guidance",
"recommendation": "Add decision thresholds for performance metrics"
},
"reference_urls": {
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/model/AI/Classes/AIPackage/#AI-metricDecisionThreshold",
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"modelDataPreprocessing": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Data preprocessing information",
"jsonpath": "$.metadata.properties[?(@.name=='modelDataPreprocessing')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"modelDataPreprocessing",
"data_preprocessing",
"preprocessing"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: modelDataPreprocessing - preprocessing details helpful for reproducibility",
"recommendation": "Add information about data preprocessing steps"
},
"reference_urls": {
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/model/AI/Classes/AIPackage/#AI-modelDataPreprocessing",
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"useSensitivePersonalInformation": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Information about use of sensitive personal data",
"jsonpath": "$.metadata.properties[?(@.name=='useSensitivePersonalInformation')].value",
"aibom_generation": {
"location": "$.metadata.properties",
"rule": "include_if_available",
"source_fields": [
"useSensitivePersonalInformation",
"sensitive_data",
"personal_data"
],
"validation": "optional",
"data_type": "boolean"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: useSensitivePersonalInformation - privacy information important for compliance",
"recommendation": "Add information about use of sensitive or personal data"
},
"reference_urls": {
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/model/AI/Classes/AIPackage/#AI-useSensitivePersonalInformation",
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"downloadLocation": {
"tier": "important",
"weight": 3.0,
"category": "external_references",
"description": "URL to download the model",
"jsonpath": "$.components[0].externalReferences[?(@.type=='distribution' || @.type=='website')].url",
"aibom_generation": {
"location": "$.component.externalReferences",
"rule": "include_if_available",
"source_fields": [
"downloadLocation",
"download_url",
"model_url"
],
"validation": "recommended",
"data_type": "string"
},
"scoring": {
"points": 3.0,
"required_for_profiles": [
"standard",
"advanced"
],
"category_contribution": 0.15
},
"validation_message": {
"missing": "Missing field: downloadLocation - model download URL required",
"recommendation": "Add a URL where the model can be downloaded"
},
"reference_urls": {
"cyclonedx_1.6": "https://cyclonedx.org/docs/1.6/json/#components_items_externalReferences",
"cyclonedx_1.7": "https://cyclonedx.org/docs/1.7/json/#components_items_externalReferences",
"spdx_3.1": "https://spdx.github.io/spdx-spec/v3.1-RC1/ai/"
}
},
"vocab_size": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Expected size of the model's vocabulary",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:vocabSize')].value",
"aibom_generation": {
"location": "$.components[0].properties",
"rule": "include_if_available",
"source_fields": [
"vocab_size"
],
"validation": "optional",
"data_type": "integer"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: vocab_size - GGUF model properties helpful for reproducibility",
"recommendation": "Add Vocabulary Size"
},
"reference_urls": {
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"tokenizer_class": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "The specific tokenizer class or method used",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:tokenizerClass')].value",
"aibom_generation": {
"location": "$.components[0].properties",
"rule": "include_if_available",
"source_fields": [
"tokenizer_class"
],
"validation": "optional",
"data_type": "string"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: tokenizer_class - GGUF model properties helpful for reproducibility",
"recommendation": "Add Tokenizer Class"
},
"reference_urls": {
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"context_length": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Maximum context length or sequence length supported",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:contextLength')].value",
"aibom_generation": {
"location": "$.components[0].properties",
"rule": "include_if_available",
"source_fields": [
"context_length"
],
"validation": "optional",
"data_type": "integer"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: context_length - GGUF model properties helpful for reproducibility",
"recommendation": "Add Context Length"
},
"reference_urls": {
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"embedding_length": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Vector length of the token embeddings",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:embeddingLength')].value",
"aibom_generation": {
"location": "$.components[0].properties",
"rule": "include_if_available",
"source_fields": [
"embedding_length"
],
"validation": "optional",
"data_type": "integer"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: embedding_length - GGUF model properties helpful for reproducibility",
"recommendation": "Add Embedding Length"
},
"reference_urls": {
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"block_count": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Number of transformer blocks or layers",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:blockCount')].value",
"aibom_generation": {
"location": "$.components[0].properties",
"rule": "include_if_available",
"source_fields": [
"block_count"
],
"validation": "optional",
"data_type": "integer"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: block_count - GGUF model properties helpful for reproducibility",
"recommendation": "Add Block Count"
},
"reference_urls": {
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"attention_head_count": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Number of attention heads in the model",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:attentionHeadCount')].value",
"aibom_generation": {
"location": "$.components[0].properties",
"rule": "include_if_available",
"source_fields": [
"attention_head_count"
],
"validation": "optional",
"data_type": "integer"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: attention_head_count - GGUF model properties helpful for reproducibility",
"recommendation": "Add Attention Head Count"
},
"reference_urls": {
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"attention_head_count_kv": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Number of Key-Value attention heads",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:attentionHeadCountKV')].value",
"aibom_generation": {
"location": "$.components[0].properties",
"rule": "include_if_available",
"source_fields": [
"attention_head_count_kv"
],
"validation": "optional",
"data_type": "integer"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: attention_head_count_kv - GGUF model properties helpful for reproducibility",
"recommendation": "Add Attention Head Count KV"
},
"reference_urls": {
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"feed_forward_length": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Dimensionality of the feed-forward network",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:feedForwardLength')].value",
"aibom_generation": {
"location": "$.components[0].properties",
"rule": "include_if_available",
"source_fields": [
"feed_forward_length"
],
"validation": "optional",
"data_type": "integer"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: feed_forward_length - GGUF model properties helpful for reproducibility",
"recommendation": "Add Feed Forward Length"
},
"reference_urls": {
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"rope_dimension_count": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Number of dimensions for Rotary Position Embedding (RoPE)",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:ropeDimensionCount')].value",
"aibom_generation": {
"location": "$.components[0].properties",
"rule": "include_if_available",
"source_fields": [
"rope_dimension_count"
],
"validation": "optional",
"data_type": "integer"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: rope_dimension_count - GGUF model properties helpful for reproducibility",
"recommendation": "Add RoPE Dimension Count"
},
"reference_urls": {
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"quantization_version": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Version or specification identifier of the quantization format",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:quantizationVersion')].value",
"aibom_generation": {
"location": "$.components[0].properties",
"rule": "include_if_available",
"source_fields": [
"quantization_version"
],
"validation": "optional",
"data_type": "integer"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: quantization_version - GGUF model properties helpful for reproducibility",
"recommendation": "Add Quantization Version"
},
"reference_urls": {
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
},
"quantization_file_type": {
"tier": "supplementary",
"weight": 1.0,
"category": "component_model_card",
"description": "Enum or integer identifier for the quantization bit-precision (e.g. Q4_K_M)",
"jsonpath": "$.components[0].modelCard.properties[?(@.name=='genai:aibom:modelcard:quantizationFileType')].value",
"aibom_generation": {
"location": "$.components[0].properties",
"rule": "include_if_available",
"source_fields": [
"quantization_file_type"
],
"validation": "optional",
"data_type": "integer"
},
"scoring": {
"points": 1.0,
"required_for_profiles": [
"advanced"
],
"category_contribution": 0.033
},
"validation_message": {
"missing": "Missing supplementary field: quantization_file_type - GGUF model properties helpful for reproducibility",
"recommendation": "Add Quantization File Type"
},
"reference_urls": {
"genai_aibom_taxonomy": "https://github.com/GenAI-Security-Project/cyclonedx-property-taxonomy"
}
}
}
}