> ## Documentation Index
> Fetch the complete documentation index at: https://docs.scanoss.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> [AI Finder](https://github.com/scanoss/ai-finder) is a CLI tool for detecting AI-generated artifacts in source code repositories. It helps organisations inventory AI components, assess supply chain risk and meet emerging regulatory and governance requirements.

## Key Capabilities

### Supply Chain Security

Identify AI models, frameworks, SDKs, APIs and dependencies used throughout your software ecosystem to improve visibility and reduce supply chain risk.

### AI Compliance and Governance

Generate AI-focused SBOMs and compliance reports to support regulatory frameworks such as the EU AI Act and internal governance policies.

### Risk Assessment and Provenance Analysis

Detect AI service integrations, exposed model endpoints, API keys, model origins and usage patterns to support security reviews and risk management.

## Features

### SDK Detection (12 languages)

| Language              | SDKs Detected                                                                   |
| --------------------- | ------------------------------------------------------------------------------- |
| Python                | OpenAI, Anthropic, HuggingFace, LangChain, LlamaIndex, Strands, CrewAI, AutoGen |
| JavaScript/TypeScript | OpenAI, Anthropic, LangChain, Vercel AI SDK                                     |
| Go                    | go-openai, go-anthropic                                                         |
| Rust                  | async-openai, anthropic-rs                                                      |
| Java/Kotlin           | openai-java, LangChain4j, Spring AI                                             |
| And more...           | Ruby, PHP, C#, C++, Swift, Scala, Kotlin                                        |

### AI Package Detection (150+ packages)

Comprehensive detection across categories:

| Category              | Packages                                                                     |
| --------------------- | ---------------------------------------------------------------------------- |
| **LLM Clients**       | OpenAI, Anthropic, Cohere, Groq, Mistral, Ollama, Google GenAI, Azure OpenAI |
| **Agent Frameworks**  | LangChain, LlamaIndex, Strands Agents, CrewAI, AutoGen, Semantic Kernel      |
| **ML Frameworks**     | PyTorch, TensorFlow, Keras, JAX, Transformers, scikit-learn, XGBoost         |
| **Vector Databases**  | ChromaDB, Pinecone, Weaviate, Qdrant, Milvus, FAISS, LanceDB                 |
| **Speech/Audio AI**   | OpenAI Whisper, Faster Whisper, ElevenLabs, Bark                             |
| **AI Safety**         | AIProxyGuard, Guardrails AI, NeMo Guardrails, LLM Guard                      |
| **Tools & Utilities** | Tavily, LangSmith, W\&B, MLflow, Accelerate, Datasets                        |
| **MCP/Tool Use**      | MCP, Anthropic Tools                                                         |

### Model File Detection (12 formats)

GGUF, SafeTensors, ONNX, PyTorch, TensorFlow, TFLite, CoreML, JAX, Keras, MXNet, PaddlePaddle, Pickle

### Manifest Parsing (11 formats)

requirements.txt, pyproject.toml, package.json, go.mod, Cargo.toml, pom.xml, build.gradle, Gemfile, composer.json, \*.csproj, Package.swift

### Output Formats

* **JSON** - Machine-readable findings
* **CycloneDX 1.6** - OWASP SBOM format with ML-BOM support
* **SPDX 2.3** - Linux Foundation SBOM format
* **SPDX 3.0** - Latest SPDX specification with JSON-LD

## SBOM Compliance

Generated SBOMs are compliant with major standards:

| Standard                       | Status    | Notes                                                             |
| ------------------------------ | --------- | ----------------------------------------------------------------- |
| **CISA Minimum SBOM Elements** | Compliant | Supplier, name, version, PURL, timestamp, author                  |
| **OpenChain ISO/IEC 5230**     | Compliant | Document namespace, SPDX-License-Identifier, creator info         |
| **EU AI Act**                  | Ready     | License info, descriptions, external references for AI components |
| **CycloneDX ML-BOM**           | Supported | modelCard, modelParameters, architecture metadata                 |

### License Handling

* Licenses are automatically enriched from PyPI, npm, and HuggingFace
* Unknown licenses are marked as `NOASSERTION` per SPDX specification
* Supports SPDX license expressions
