
@cyclonedx/cdxgen


Creates CycloneDX Software Bill of Materials (SBOM) from source or container image

# AI governance / security / performance policy rules for CycloneDX BOMs.
#
# Each list entry is one rule with a stable `id`, human-readable `name` and
# `description`, a `severity` and `category`, a `dry-run-support` flag, and
# `standards` (and optionally `attack`) mappings used for reporting.
# `condition`, `location` and `evidence` are expressions evaluated against the
# BOM document; the syntax (bracket predicates, `$`-prefixed functions,
# `$.` current-context access) looks like JSONata — confirm against the
# engine that loads this file. `$prop`, `$nullSafeProp` and `$auditServices`
# are not defined here; presumably engine-provided helpers. `message` uses
# `{{ ... }}` placeholders that appear to be interpolated per matched item.

# AIG-001: only fires when the BOM's metadata.lifecycles contains a 'build' or
# 'post-build' phase; otherwise the ternary yields an empty list.
- id: AIG-001
  name: "Prompt config file ships in a build or post-build BOM"
  description: "Prompt and model-routing config files included in distributable BOMs deserve governance review because they can silently alter downstream AI behavior, provider selection, and policy posture."
  severity: medium
  category: ai-governance
  dry-run-support: full
  standards:
    owasp-ai-top-10:
      - "LLM08: Excessive Agency"
      - "LLM09: Overreliance"
      - "LLM06:2025 Excessive Agency"
    eu-ai-act:
      - "Technical documentation and traceability"
      - "Transparency and instructions for use"
    nist-ai-rmf:
      - "Govern"
      - "Map"
  # Matches components whose `cdx:file:kind` property is 'prompt-config-file'.
  condition: |
    $count(metadata.lifecycles[phase = 'build' or phase = 'post-build']) > 0
      ? components[ $prop($, 'cdx:file:kind') = 'prompt-config-file' ]
      : []
  location: |
    { "bomRef": $."bom-ref" }
  message: "Prompt or model-routing file '{{ name }}' is included in a build/post-build BOM"
  mitigation: "Review shipped prompt/config files explicitly, keep model-routing decisions versioned, and exclude them from release BOMs when they are only development-time inputs."
  evidence: |
    { "fileKind": $prop($, 'cdx:file:kind'), "source": $prop($, 'cdx:ai:source') }

# AIG-002: inference services whose model selection was recorded as 'implicit'.
- id: AIG-002
  name: "AI inference service lacks explicit model selection"
  description: "Source-discovered AI services without an explicit model identifier make governance, reproducibility, and downstream policy gating harder."
  severity: medium
  category: ai-governance
  dry-run-support: full
  standards:
    owasp-ai-top-10:
      - "LLM09: Overreliance"
    eu-ai-act:
      - "Technical documentation and traceability"
      - "Human oversight"
    nist-ai-rmf:
      - "Govern"
      - "Manage"
  condition: |
    $auditServices($)[
      $prop($, 'cdx:ai:kind') = 'inference-service'
      and $prop($, 'cdx:ai:modelSelection') = 'implicit'
    ]
  # NOTE(review): the "purl" key carries endpoints[0] (a URL), not a package
  # URL — confirm this is the shape the reporting layer expects. Same in AIS-001.
  location: |
    { "bomRef": $."bom-ref", "purl": endpoints[0] }
  message: "AI inference service '{{ name }}' is used without an explicit model identifier"
  mitigation: "Declare the exact model ID in code or configuration so routing decisions can be reviewed, tested, and governed consistently."
  evidence: |
    { "provider": $prop($, 'cdx:ai:provider'), "deployment": $prop($, 'cdx:ai:deployment'), "modelCount": $prop($, 'cdx:ai:modelCount'), "source": $prop($, 'cdx:ai:source') }

# AIS-001: remote inference services recorded with cleartext-HTTP transport.
# A service is flagged only when `cdx:ai:transportSecurity` equals
# 'insecure-http'; services without that property are not matched, so the
# rule depends on the scanner populating it.
- id: AIS-001
  name: "AI inference service uses an insecure remote HTTP endpoint"
  description: "Remote AI inference endpoints should use HTTPS so prompts, tokens, and model responses are not exposed to passive interception or tampering."
  severity: high
  category: ai-security
  dry-run-support: full
  attack:
    tactics: [TA0001, TA0009]
    techniques: [T1190, T1557]
  standards:
    owasp-ai-top-10:
      - "LLM07: Insecure Plugin Design"
      - "LLM05: Supply Chain Vulnerabilities"
      - "LLM03:2025 Supply Chain"
    eu-ai-act:
      - "Accuracy, robustness and cybersecurity"
      - "Technical documentation and traceability"
    eu-cra:
      - "Secure by default network exposure"
      - "Technical documentation for software components"
    nist-ai-rmf:
      - "Manage"
  condition: |
    $auditServices($)[
      $prop($, 'cdx:ai:kind') = 'inference-service'
      and $prop($, 'cdx:ai:deployment') = 'remote'
      and $prop($, 'cdx:ai:transportSecurity') = 'insecure-http'
    ]
  location: |
    { "bomRef": $."bom-ref", "purl": endpoints[0] }
  message: "AI inference service '{{ name }}' uses insecure remote transport '{{ endpoints[0] }}'"
  mitigation: "Require HTTPS/TLS for remote AI endpoints and keep any development-only HTTP endpoints isolated to local-only environments."
  evidence: |
    { "provider": $prop($, 'cdx:ai:provider'), "deployment": $prop($, 'cdx:ai:deployment'), "transportSecurity": $prop($, 'cdx:ai:transportSecurity') }

# AIG-003: ML model components carrying a `cdx:ai:variant` property with one
# of the listed derived-variant values (the condition also covers 'adapter'
# and 'abliterated', which the description only implies via "otherwise
# modified").
- id: AIG-003
  name: "AI model is a derived or modified variant"
  description: "Fine-tuned, distilled, merged, quantized, unlocked, or otherwise modified models deserve explicit review because their behavior and deployment profile can differ materially from the upstream base model."
  severity: medium
  category: ai-governance
  dry-run-support: full
  standards:
    owasp-ai-top-10:
      - "LLM05: Supply Chain Vulnerabilities"
      - "LLM03:2025 Supply Chain"
      - "LLM09: Overreliance"
    eu-ai-act:
      - "Technical documentation and traceability"
      - "Transparency and instructions for use"
    nist-ai-rmf:
      - "Govern"
      - "Map"
  condition: |
    components[
      type = 'machine-learning-model'
      and $count(properties[
        name = 'cdx:ai:variant'
        and (
          value = 'fine-tuned'
          or value = 'distilled'
          or value = 'merged'
          or value = 'adapter'
          or value = 'quantized'
          or value = 'unlocked'
          or value = 'abliterated'
        )
      ]) > 0
    ]
  location: |
    { "bomRef": $."bom-ref" }
  message: "AI model '{{ name }}' is marked as a modified variant"
  mitigation: "Review how the model was adapted, quantized, or otherwise modified; record the upstream source model and confirm the derived artifact still meets governance, safety, and performance expectations."
  evidence: |
    { "provider": $prop($, 'cdx:ai:provider'), "source": $prop($, 'cdx:ai:source'), "pedigreeNotes": pedigree.notes }

# AIS-002: the 'unlocked' / 'abliterated' subset of AIG-003's variant values,
# raised to high severity. Any component matched here is also matched by
# AIG-003, so both findings will be reported for it.
- id: AIS-002
  name: "AI model appears unlocked or abliterated"
  description: "Unlocked or abliterated models often indicate safety controls were weakened or removed, increasing misuse and policy-bypass risk."
  severity: high
  category: ai-security
  dry-run-support: full
  attack:
    tactics: [TA0001, TA0005]
    techniques: [T1190, T1552]
  standards:
    owasp-ai-top-10:
      - "LLM06:2025 Excessive Agency"
      - "LLM09: Overreliance"
    eu-ai-act:
      - "Accuracy, robustness and cybersecurity"
      - "Technical documentation and traceability"
    nist-ai-rmf:
      - "Manage"
      - "Govern"
  condition: |
    components[
      type = 'machine-learning-model'
      and $count(properties[
        name = 'cdx:ai:variant'
        and (value = 'unlocked' or value = 'abliterated')
      ]) > 0
    ]
  location: |
    { "bomRef": $."bom-ref" }
  message: "AI model '{{ name }}' appears unlocked or abliterated"
  mitigation: "Treat unlocked or abliterated models as high-risk artifacts, review intended use carefully, and add deployment guardrails before distribution."
  evidence: |
    { "provider": $prop($, 'cdx:ai:provider'), "source": $prop($, 'cdx:ai:source'), "pedigreeNotes": pedigree.notes }

# AIP-001: models whose runtime property contains 'ollama' or 'llama.cpp' and
# whose `cdx:ai:contextWindow` is at least 131072.
# NOTE(review): `$number($nullSafeProp(...))` is applied without first checking
# for the empty value that AIP-002 treats as "missing" (`= ''`); in JSONata
# `$number('')` raises rather than returning 0 — confirm the engine tolerates
# this for models that have no contextWindow property.
- id: AIP-001
  name: "Local AI model advertises a very large context window"
  description: "Large local context windows can increase memory pressure, latency, and review cost for self-hosted AI runtimes."
  severity: medium
  category: ai-performance
  dry-run-support: full
  standards:
    eu-ai-act:
      - "Performance and resource limitations should be documented"
      - "Technical documentation and traceability"
    nist-ai-rmf:
      - "Measure"
      - "Manage"
  condition: |
    components[
      type = 'machine-learning-model'
      and (
        $contains($nullSafeProp($, 'cdx:ai:runtime'), 'ollama')
        or $contains($nullSafeProp($, 'cdx:ai:runtime'), 'llama.cpp')
      )
      and $number($nullSafeProp($, 'cdx:ai:contextWindow')) >= 131072
    ]
  location: |
    { "bomRef": $."bom-ref" }
  message: "Local AI model '{{ name }}' advertises a large context window of {{ $prop($, 'cdx:ai:contextWindow') }} tokens"
  mitigation: "Validate that the target environment has enough memory and latency budget for the configured context window, or choose a smaller context budget."
  evidence: |
    { "runtime": $prop($, 'cdx:ai:runtime'), "contextWindow": $prop($, 'cdx:ai:contextWindow'), "artifactFormat": $prop($, 'cdx:ai:artifactFormat') }

# AIP-002: locally sourced models with >= 7e9 parameters and an empty
# `cdx:ai:quantization` value. The same `$number('')` caveat as AIP-001
# applies to the parameterCount comparison.
- id: AIP-002
  name: "Large local AI model lacks quantization metadata"
  description: "Large locally hosted models without quantization metadata are harder to capacity-plan and can hide unnecessary CPU, RAM, or GPU pressure."
  severity: medium
  category: ai-performance
  dry-run-support: full
  standards:
    eu-ai-act:
      - "Technical documentation and traceability"
      - "Performance and deployment characteristics should be documented"
    nist-ai-rmf:
      - "Measure"
      - "Manage"
  condition: |
    components[
      type = 'machine-learning-model'
      and (
        $prop($, 'cdx:ai:source') = 'local-artifact'
        or $prop($, 'cdx:ai:source') = 'local-config'
      )
      and $number($nullSafeProp($, 'cdx:ai:parameterCount')) >= 7000000000
      and $nullSafeProp($, 'cdx:ai:quantization') = ''
    ]
  location: |
    { "bomRef": $."bom-ref" }
  message: "Large local AI model '{{ name }}' lacks quantization metadata"
  mitigation: "Record quantization and deployment sizing details for large local models so reviewers can validate resource budgets and runtime fit before rollout."
  evidence: |
    { "runtime": $prop($, 'cdx:ai:runtime'), "parameterCount": $prop($, 'cdx:ai:parameterCount'), "source": $prop($, 'cdx:ai:source') }