Reviews pull requests for the shortcuts AI coding agents take to look done without being done: relaxed tests, swallowed errors, fake renames, 11 checks in all. Flags them for a human by default, or blocks the merge if you turn that on. Can also turn a goal into a checklist and only accept a patch once every check passes.

A community wiki for all things AI/ML bill of materials (MLBOM, AIBOM) and transparency into AI/ML models.

Generate xBOMs enriched with AI, SaaS, Crypto and more using Static Code Analysis

Scan codebases for AI SDK usage and map compliance risks to NIST AI RMF, ISO 42001, and EU AI Act

AI supply-chain security scanner and self-hosted control plane for agents, MCP, SBOM/SARIF, graph findings, runtime enforcement, and compliance evidence.

Open-source EU AI Act compliance scanner. 51 checks across Articles 9-15. Drop-in trust layers for LangChain, CrewAI, AutoGen, OpenAI. Local-first, no data leaves your machine.

The industry-standard Agentic Identity & Inventory Scanner. Automatically inventory autonomous agents (LangChain, AutoGen, CrewAI, PydanticAI) using static analysis, network heuristics, and eBPF. Foundational tool for AIBOM compliance and AgentOps governance.

Data and schema powering the worlds largest collection of SBOM/xBOM products, projects, and services

An AI-BOM visual viewer

Go CLI tool that scans a repository for Hugging Face model usage and emits a CycloneDX AI/ML Bill of Materials.

Policy-as-Code guardrails for ML and LLM systems: OPA/Kyverno policies, compliance mappings, signed bundles, evidence trails, and plugin index.

AI Agent Scanner - A standalone AI Agent scanner that can discover agent repos, configuration, system prompts, classify risk and produce compliance-ready reports

SBOM generation for Python & AI projects. Extract metadata from GGUF, ONNX, and PyTorch models. Build SBOM directly from Hugging Face URL. Native Hatchling build-hook.

THIS IS H A K C I N G Q U A L I T Y

Example Template created from https://github.com/haKC-ai/hakcai_secure_repo_template_creator

AIBOM policy-as-code engine — deny risky combinations of models, tools, and data. OPA-style policy rules for AI supply chain governance. Enforce model pinning, tool approvals, and provider restrictions.

An AI-BOM goof project for Snyk AI-BOM cli

Runtime AIBOM emitter — generate AI Bills of Materials from what actually ran. Combines static inventory with runtime OTel trace evidence: models, tools, endpoints, versions. CycloneDX-compatible output.

Supply-chain forensics for AI models. Traces lineage, audits licenses, flags trust gaps.

AI-BOM emitter — sign and verify SPDX-AI provenance for AI-assisted code