v2.4.0

SBOM generation is automated by the engineering team and integrated into the CI pipeline. Syft scans container images and code repositories, producing an SBOM in CycloneDX or SPDX format. CycloneDX is the more ML-friendly format: it supports component types beyond software libraries, including machine learning models, datasets, and services. CycloneDX’s ML extension allows the SBOM to reference model artefacts with their provenance metadata.

For ML systems, the SBOM extends beyond traditional software dependencies to include the ML framework version (TensorFlow, PyTorch, scikit-learn), pre-trained model components (base models, embedding models, tokenisers), and external API dependencies (third-party model APIs, data enrichment services). The complete SBOM, covering both software and ML components, is stored by the Conformity Assessment Coordinator in the evidence register and updated on every deployment.

The SBOM serves three compliance functions: vulnerability management (input to scanning tools), licence compliance (input to licence analysis), and provenance documentation (Annex IV evidence). The SBOM is attached to the container image as a cosign attestation, linking it to the specific image version. covers the per-build SBOM as a CI/CD artefact; this article addresses the generation process and ML-specific extension.
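The ML-specific extension described above can be enforced as a CI gate before the SBOM is attested. The following is an added example, not code from this documentation or from Syft: the function names, the sample SBOM and the rule that this system must declare an external API are assumptions made for illustration.

```python
import copy
import hashlib

# Constructed sample: a trimmed CycloneDX 1.5 document of the shape produced by
# `syft <image> -o cyclonedx-json=sbom.json`. Names and versions are illustrative.
SYFT_SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
    "components": [
        {"type": "library", "name": "torch", "version": "2.3.0"},
        {"type": "library", "name": "numpy", "version": "1.26.4"},
    ],
}
ML_FRAMEWORKS = {"tensorflow", "torch", "scikit-learn"}  # package names as scanned


def model_component(name, version, supplier, artefact: bytes):
    """Describe a model artefact as a CycloneDX component pinned by SHA-256."""
    digest = hashlib.sha256(artefact).hexdigest()
    return {"type": "machine-learning-model", "bom-ref": f"model:{name}@{version}",
            "name": name, "version": version, "supplier": {"name": supplier},
            "hashes": [{"alg": "SHA-256", "content": digest}]}


def extend_sbom(sbom, models, services):
    """Return a copy of the scanner SBOM with ML components and API services added."""
    out = copy.deepcopy(sbom)  # never mutate the scanner output itself
    out["components"].extend(models)
    out.setdefault("services", []).extend(services)
    return out


def coverage_gaps(sbom, uses_external_apis=True):
    """List the ML categories the SBOM fails to document (empty list = pass)."""
    comps = sbom.get("components", [])
    gaps = []
    if not any(c["name"].lower() in ML_FRAMEWORKS and c.get("version") for c in comps):
        gaps.append("ml-framework")
    models = [c for c in comps if c["type"] == "machine-learning-model"]
    if not models:
        gaps.append("model")
    if any(not c.get("hashes") for c in models):
        gaps.append("model-hash")  # a model without a digest has no provenance anchor
    if uses_external_apis and not sbom.get("services"):
        gaps.append("external-api")
    return gaps
```

A pipeline would fail the build when `coverage_gaps` returns a non-empty list, and only then attach the extended document, for example with `cosign attest --type cyclonedx --predicate sbom.json <image>`.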

Key outputs

  • Automated SBOM generation (Syft) in CycloneDX or SPDX format
  • ML-specific component inclusion via CycloneDX ML extension
  • Cosign attestation linking SBOM to container image
  • Module 9 and Module 3 AISDP evidence