AI SBOM JSON Schema

Published JSON Schema for AI Software Bill of Materials documents. Use these URLs directly from validators, CI workflows, and AI supply chain security automation.

This schema provides a machine-readable format for describing the components, relationships, datasets, models, infrastructure, security properties, and operational indicators that make up an AI system. It is intended to help teams inventory AI systems in a consistent way so downstream tools can validate, compare, scan, and reason about AI supply chain information without relying on ad hoc spreadsheets or prose documents.

What This Is

An AI SBOM extends the familiar Software Bill of Materials idea to the AI system context. In addition to software components and dependencies, an AI SBOM can document AI models, model identifiers, model provenance, training and evaluation datasets, data flows, infrastructure dependencies, security controls, vulnerability references, and performance indicators. This repository publishes a JSON Schema so AI SBOM producers and consumers have a stable contract for automation.

Source Basis

The schema is based on the minimum element clusters described in SBOM-for-AI_minimum-elements.pdf, a document created by the G7 Cybersecurity Working Group. Those minimum elements are organized around metadata, system-level properties, models, dataset properties, infrastructure, security properties, and key performance indicators.

For additional context, see CISA's Software Bill of Materials for AI Minimum Elements resource and the Canadian Centre for Cyber Security's Top 10 artificial intelligence security actions primer.

Why It Exists

AI systems often combine conventional software, third-party services, model artifacts, datasets, specialized infrastructure, and policy or security controls. A standard schema makes that information easier to exchange and validate. It also gives security teams a simple discriminator field, metadata.bomFormat, with the fixed value AI-SBOM, so tools can quickly identify AI SBOM documents.

Author Signatures

The optional metadata.sbomAuthorSignature field uses the JSON Signature Format (JSF) signaturecore structure. JSF is already used by CycloneDX for enveloped JSON signatures, so this schema follows an existing signing model rather than inventing a new one. That improves interoperability with BOM-oriented tooling and gives implementers a clearer path for signature generation and verification.

This schema currently supports only simple JSF signaturecore. It does not yet support JSF multisignature signers or signature-chain chain objects. A signature can include an algorithm, signature value, key identifier, embedded public key, and certificate path. Embedded public keys make cryptographic verification easier, while certificate paths and key identifiers can support stronger identity and trust decisions when paired with a verifier's trust policy.

For simple signatures, the signed payload is the entire AI SBOM JSON document after JSON Canonicalization Scheme processing, with only metadata.sbomAuthorSignature.value removed before canonicalization. Other signature fields, including algorithm, keyId, publicKey, and certificatePath, remain part of the signed payload.

Common Uses

Technical Whitepaper

Read the intro whitepaper on trustworthy AI supply chain metadata, the AI-BOM schema proof of concept, and SecureSBOM signing and verification.

Building Trustworthy AI Supply Chain Metadata with AI-SBOMs

Schema URLs

https://shiftleftcyber.io/ai-bom/schemas/ai-sbom-1.0.0.schema.json https://shiftleftcyber.io/ai-bom/schemas/ai-sbom.schema.json

Repository

Source, examples, releases, and issue tracking are available at github.com/shiftleftcyber/ai-bom.