feat: Add AI-BOM signature verification by VinnyBarton · Pull Request #16 · shiftleftcyber/securesbom-verifier

VinnyBarton · 2026-05-26T19:56:32Z

Summary

Adds AI-BOM embedded signature verification support to securesbom-verifier.

Added AI-BOM verification APIs:
- VerifyAIBOMEmbeddedVersioned
- VerifyAIBOMEmbeddedWithKeyVersioned
Added verification support for metadata.sbomAuthorSignature
Reused the existing CycloneDX-style embedded signature verification flow
Added offline CLI support for validator-detected AI-SBOM files
Upgraded github.com/shiftleftcyber/sbom-validator/v2 to v2.5.1
Added AI-BOM test fixtures and contract fixture coverage
Updated README and examples for AI-BOM usage
Add E2E tests for offline verification

VinnyBarton added 4 commits May 26, 2026 15:55

feat: Add AI-BOM signature verification

46a2ce5

feat: Add AI-BOM signature verification

8ab955b

feat: Add AI-BOM signature verification

516539f

feat: add sample commands

82c9eda

VinnyBarton merged commit d85ce80 into main May 27, 2026
9 checks passed