Publication Details
- Title: ALOHA: A(IBoM) tooL generatOr for Hugging fAce
- Authors: Riccardo D'Avino, Sabato Nocera, Daniele Bifolco, Federica Pepe, Massimiliano Di Penta, and Giuseppe Scanniello
- Venue: International Conference on Evaluation and Assessment in Software Engineering (EASE)
- Publisher: ACM
- Year: 2025
Abstract
The increasing adoption of Artificial Intelligence (AI) in any kind of software has highlighted the need for greater transparency, security, and traceability within the AI supply chain. The AI Bill of Materials (AIBoM) extends the Software Bill of Materials (SBoM) concept by incorporating AI-specific components such as models, datasets, dependencies, and metadata. In this paper, we introduce ALOHA, a novel tool that automatically generates AIBoM from AI models hosted on Hugging Face (HF), leveraging the CycloneDX standard for software transparency and security. ALOHA extracts relevant metadata from model cards and maps them to a structured AIBoM format, ensuring compliance with existing SBoM frameworks. We conducted a preliminary empirical evaluation on a statistically significant sample of 312 AI models to assess ALOHA. Our initial findings indicate that while ALOHA successfully retrieves and structures essential AIBoM fields, challenges remain regarding metadata completeness and standardization of model cards. This work represents a step towards enhancing AI supply chain security and governance, providing a foundation for future advancements in AIBoM generation. Tool link: https://doi.org/10.5281/zenodo.15052346
BibTeX Citation
@inproceedings{Davino:Ease:2025,
title={ALOHA: A(IBoM) tooL generatOr for Hugging fAce},
author={Riccardo {D'Avino} and Sabato Nocera and Daniele Bifolco and Federica Pepe and Massimiliano {Di Penta} and Giuseppe Scanniello},
booktitle={Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering},
pages={},
year={2025},
publisher={ACM}
}