Trusera Ai-Bom OpenSource (n8n and more)
Launching our Bill of Materials Open Source for developers
Summary: AI-BOM is an open-source tool that scans codebases and workflows to detect AI components like LLM integrations, agent frameworks, and MCP servers. It runs multiple scanners in one command, outputs standardized SBOM formats, and integrates with CI/CD pipelines and n8n workflows to improve AI supply chain visibility.
What it does
AI-BOM runs 13 scanners across code, Docker, cloud IaC, Jupyter notebooks, and n8n workflows. It detects over 25 AI SDKs in seven languages as well as exposed API keys, and maps findings to OWASP LLM Top 10 categories. It outputs CycloneDX, SPDX, SARIF, and other SBOM formats and plugs into any CI/CD pipeline.
Who it's for
Developers and security teams shipping AI integrations, agent frameworks, and MCP servers who need visibility into AI components within their software and workflows.
Why it matters
It addresses the lack of visibility and security review for AI components in production, helping teams comply with regulations like the EU AI Act and detect hidden AI risks in their stacks.