Creating a Bill of Materials with CodeSensor

Introduction

Creating a comprehensive Bill of Materials (BOM) is essential for gaining visibility into the components of your AI system. The Cranium platform simplifies this process with the CodeSensor feature, which automates the generation of a BOM by scanning your version control system (VCS) repositories. Whether you're using a public or private repository or want to detect shadow AI systems through the Detect AI Inventory feature, this guide will walk you through creating a BOM with CodeSensor. Follow the step-by-step instructions to set up a VCS connection, input BOM details, and initiate a CodeSensor scan for a detailed analysis of your AI system’s components.

Preconditions

VCS Integration Connected

You must establish a connection to your organization's version control system to scan private repositories. A VCS integration is not required to scan public repositories.

Scanning Methods

Public Repository

Scan public repositories on GitHub without establishing any integrations.

Private Repository

Scan private repositories by connecting to your organization's VCS integration.

Detect AI

Generate BOMs for AI-detected repositories discovered with Cranium's Detect AI.

Scan Configuration

To create a Bill of Materials, start by navigating to the Bill of Materials Wizard. In the navigation drawer, click the Artifacts section, then select Bill of Materials. Click the blue Add Bill of Materials button to launch the Bill of Materials Wizard.

Public Repository

  • If you are scanning a public repository, GitHub will be auto-selected as the platform.
  • Input the full URL for the public repository.
  • Optionally, input the branch you want to scan. If no branch is specified, the main branch will be scanned by default.

Private Repository

Azure DevOps, Bitbucket Datacenter & GitLab

  • Select the appropriate VCS connection from the dropdown. 
  • Select the project containing the desired repository.
  • Choose the specific repository to scan.
  • Optionally, deselect the Use default branch box and select the desired branch from the dropdown.

Bitbucket Cloud & GitHub

  • Select the appropriate VCS connection from the dropdown.
  • Choose the specific repository to scan.
  • Optionally, deselect the Use default branch box and select the desired branch from the dropdown.

Detect AI

  • The Detect AI Inventory feature helps you scan repositories automatically detected within your organization.
  • Select the VCS connection from the dropdown.
  • Select the repository you want to scan from the table.

Complete BOM Details & Scan

BOM Details

In this step, provide the key information about your Bill of Materials. These details are essential for tracking and managing your BOM effectively, especially as you add more components.

  • Enter a unique and descriptive name that accurately reflects the project or system you're documenting.
  • Add a brief but informative description of the AI project. This could include details about the system's purpose, scope, or key functionalities.
  • Assign an owner who will be responsible for managing and maintaining the BOM.

Initiate the CodeSensor Scan

  • Click the blue Save & Scan Repository button.
  • The BOM Wizard will close and your BOM will be added to the BOM list.
  • At the same time, the scan will begin and you will see your BOM in the scanning queue.
  • The completed BOM displays the models, datasets, and technologies detected in the repository. Detected models are automatically categorized by AI type (Generative AI, Deep Learning, Traditional Machine Learning, or Unknown) and assigned a standardized model name and confidence level. For repositories using supported agentic AI frameworks, the Agentic Systems tab will also display detected agentic systems and their agent relationships. For models with a static system prompt present in the codebase, a system prompt panel appears nested within the model entry in the Models tab.
  • If a webhook is configured on the VCS Integration used to create this BOM, Cranium will automatically trigger a rescan each time code is pushed to the repository. This keeps your BOM current without requiring manual rescans. See the Continuous Monitoring Overview for setup instructions.