Installation

AI-BOM supports multiple installation methods depending on your use case.

Requirements

  • Python 3.10 or higher
  • pip or pipx

The fastest way to get started:

pipx install ai-bom

Or with pip in a virtual environment:

python3 -m venv .venv && source .venv/bin/activate
pip install ai-bom

Optional extras

Install additional capabilities with extras:

# Quote the extras so shells such as zsh do not treat the brackets as a glob pattern

# Web dashboard for scan history and visualization
pip install 'ai-bom[dashboard]'

# File watcher for automatic re-scanning
pip install 'ai-bom[watch]'

# Live cloud scanning
pip install 'ai-bom[aws]'   # AWS Bedrock, SageMaker
pip install 'ai-bom[gcp]'   # Google Vertex AI
pip install 'ai-bom[azure]' # Azure OpenAI, Azure ML

# Everything
pip install 'ai-bom[all]'

Troubleshooting: PEP 668 error

Modern Linux distros (Ubuntu 24.04+) and macOS 14+ block pip install at the system level. Use pipx or a virtual environment:

# Debian/Ubuntu
sudo apt install pipx

# macOS
brew install pipx

pipx install ai-bom

Docker

Run AI-BOM without installing Python:

docker run --rm -v "$(pwd)":/scan ghcr.io/trusera/ai-bom:latest scan /scan

With output file:

docker run --rm -v "$(pwd)":/scan ghcr.io/trusera/ai-bom:latest \
  scan /scan -f cyclonedx -o /scan/ai-bom.cdx.json

GitHub Action

Add AI-BOM to your CI/CD pipeline with the official GitHub Action:

name: AI-BOM Scan
on: [push, pull_request]
permissions:
  security-events: write
  contents: read

jobs:
  ai-bom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Scan for AI components
        uses: trusera/ai-bom@main
        with:
          format: sarif
          output: ai-bom-results.sarif
          fail-on: critical
          scan-level: deep

See the GitHub Action guide for full configuration options.
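
The workflow above references its actions by tag and branch (actions/checkout@v4, trusera/ai-bom@main), which are mutable refs that can change without any edit to your repository. The following check is an added example, not part of AI-BOM or its documentation: it flags every uses: entry that is not pinned to a full 40-character commit SHA (or, for docker:// references, an image digest). The name unpinned_actions, the sample workflow text and the SHA in it are constructed for illustration.

```python
import re

# Matches a `uses:` key, with or without the leading "- " of a step.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample: the two refs from the workflow above, plus one pinned
# action (made-up SHA) and one local action for contrast.
SAMPLE_WORKFLOW = """\
jobs:
  ai-bom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan for AI components
        uses: trusera/ai-bom@main
      - uses: example/pinned-action@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - uses: ./.github/actions/local
"""


def unpinned_actions(workflow_text):
    """Return (line_no, action, ref) for each `uses:` not pinned to an immutable ref."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        target = match.group(1)
        if target.startswith("./"):
            continue  # local action, versioned with the repository itself
        name, _, ref = target.partition("@")
        if target.startswith("docker://"):
            pinned = ref.startswith("sha256:")  # image digest
        else:
            pinned = bool(FULL_SHA_RE.match(ref))  # full commit SHA only
        if not pinned:
            findings.append((line_no, name, ref or "(no ref)"))
    return findings


if __name__ == "__main__":
    for line_no, action, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action} uses mutable ref '{ref}'")
```

Run it over the files in .github/workflows as a CI step and replace each flagged ref with the commit SHA of the release you have reviewed.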

VS Code Extension

Install the AI-BOM scanner extension directly in VS Code:

  1. Open VS Code
  2. Go to the Extensions panel (Ctrl+Shift+X / Cmd+Shift+X)
  3. Search for "AI-BOM"
  4. Click Install

The extension requires the ai-bom Python package. It will prompt you to install it if not found.

See the VS Code Extension guide for configuration details.

n8n Community Node

Scan n8n workflows from inside n8n itself:

npm install n8n-nodes-trusera

Or install via the n8n UI: Settings > Community Nodes > Install > n8n-nodes-trusera

See the n8n Scanner guide for setup instructions.

Verify installation

ai-bom version

Run a quick test scan:

ai-bom demo

This runs a scan on a bundled example project to verify everything works.