By Sagar Shankaran, Founder of CallSphere
Generate a CycloneDX SBOM + ML-BOM for an AI voice agent, attest SLSA provenance with cosign, verify with policy in Kubernetes via Kyverno. Real CI YAML and policy.
Key takeaways
TL;DR — In 2026, an AI build needs both a code SBOM (CycloneDX 1.7) and an ML-BOM (model weights, training data lineage). Sign both with cosign, attest SLSA v1.0 provenance, and let Kyverno block any unsigned image from the cluster.
A CI pipeline that builds the voice agent image, generates a CycloneDX SBOM with Syft, generates a CycloneDX ML-BOM for the model assets used, signs everything with cosign keyless, and enforces verification at admission with Kyverno.
```mermaid
flowchart LR
  SRC[Source] --> BUILD[Build image]
  BUILD --> SYFT[Syft → CycloneDX SBOM]
  BUILD --> MLBOM[CycloneDX ML-BOM tool]
  SYFT --> SIGN[cosign attest]
  MLBOM --> SIGN
  BUILD --> PROV[SLSA provenance]
  PROV --> SIGN
  SIGN --> REG[OCI registry]
  REG --> ADM[Kyverno admission]
  ADM --> POD[Pod allowed]
```
Syft scans the image: every Python wheel, every OS package, every embedded Go binary — listed with version, license, and CPE.
CycloneDX 1.7 (March 2026) added first-class ML-BOM.
The ML-BOM lists every model the agent calls. Auditors love this.
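As an added example (not CallSphere's tooling and not the page's own ML-BOM output), the following builds a minimal CycloneDX ML-BOM by hand with only the standard library, so the shape of a `machine-learning-model` component is visible: one self-hosted STT model with pinned weight hashes and dataset lineage, and one hosted model recorded as a single lineage row with no weights. The model names, version strings, dataset URL and weight bytes are constructed placeholders; the `modelCard` fields used have existed since CycloneDX 1.5, and `specVersion` follows the 1.7 the page describes.

```python
"""Build a minimal CycloneDX ML-BOM (JSON) for a voice agent's model assets.

Added example, not CallSphere's code. Hand-assembles the JSON instead of
calling cyclonedx-py; names, versions, digests and URLs are constructed.
"""
import hashlib
import json
import uuid
from datetime import datetime, timezone

# Constructed inventory of the models the agent calls. In a real pipeline this
# comes from the agent config or model registry; the weight bytes here are
# placeholders so the sha256 values can be computed offline.
MODEL_ASSETS = [
    {
        "name": "whisper-large-v3",            # constructed, self-hosted STT model
        "version": "3.0.0",
        "task": "speech-to-text",
        "architecture": "transformer",
        "weights": b"placeholder-stt-weights",
        "datasets": [{"name": "acme-call-corpus", "url": "s3://acme-ml/call-corpus/v7",
                      "classification": "PII"}],
        "supplier": "acme-ml",
    },
    {
        "name": "gpt-realtime",                # hosted model: lineage row only, no weights shipped
        "version": "2025-08-28",               # constructed version string
        "task": "text-generation",
        "architecture": "transformer",
        "weights": None,
        "datasets": [],
        "supplier": "OpenAI",
    },
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def model_component(asset: dict) -> dict:
    """One CycloneDX component of type machine-learning-model with a modelCard."""
    comp = {
        "type": "machine-learning-model",
        "bom-ref": f"ml:{asset['name']}@{asset['version']}",
        "name": asset["name"],
        "version": asset["version"],
        "supplier": {"name": asset["supplier"]},
        "modelCard": {
            "modelParameters": {
                "task": asset["task"],
                "architectureFamily": asset["architecture"],
                "datasets": [
                    {"type": "dataset", "name": ds["name"],
                     "contents": {"url": ds["url"]}, "classification": ds["classification"]}
                    for ds in asset["datasets"]
                ],
            }
        },
    }
    if asset["weights"] is not None:
        # Pin the exact checkpoint the image was built with, so a later re-scan
        # can tell a swapped checkpoint from the audited one.
        comp["hashes"] = [{"alg": "SHA-256", "content": sha256_hex(asset["weights"])}]
    return comp


def build_mlbom(assets: list, image_ref: str) -> dict:
    """Assemble the BOM document; specVersion follows the page's CycloneDX 1.7."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.7",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "component": {"type": "container", "name": image_ref},
        },
        "components": [model_component(a) for a in assets],
    }


def validate_mlbom(bom: dict) -> list:
    """Pre-attestation lint: every model needs a version and supplier, and a model
    that lists training data must also pin its weights."""
    problems = []
    for c in bom["components"]:
        if c.get("type") != "machine-learning-model":
            problems.append(f"{c.get('name')}: wrong component type")
        if not c.get("version"):
            problems.append(f"{c.get('name')}: missing version")
        if not c.get("supplier", {}).get("name"):
            problems.append(f"{c.get('name')}: missing supplier")
        if "hashes" not in c and c["modelCard"]["modelParameters"]["datasets"]:
            problems.append(f"{c.get('name')}: datasets listed but weights not pinned")
    return problems


if __name__ == "__main__":
    bom = build_mlbom(MODEL_ASSETS, "ghcr.io/acme/voice-agent")
    print(json.dumps(bom, indent=2))
    print("lint:", validate_mlbom(bom) or "ok")
```

Write the JSON to a file and pass it to `cosign attest --type cyclonedx` exactly as you would the Syft SBOM; the lint step is what stops an ML-BOM with unpinned weights from being signed in the first place.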
Provenance is signed via GitHub OIDC + Sigstore Fulcio; verifiable with no key distribution.
```yaml
apiVersion: kyverno.io/v2beta1
kind: ClusterPolicy
metadata: { name: verify-voice-agent }
spec:
  validationFailureAction: Enforce
  rules:
  - name: verify-signed-and-sbom
    match: { any: [{ resources: { kinds: [Pod], namespaces: [voice] }}]}
    verifyImages:
    - imageReferences: ["ghcr.io/acme/voice-agent*"]
      attestors:
      - entries:
        - keyless:
            subject: "https://github.com/acme/voice-agent/.github/workflows/build.yml@*"
            issuer: "https://token.actions.githubusercontent.com"
      attestations:
      - type: cyclonedx
        attestors:
        - entries:
          - keyless:
              subject: "https://github.com/acme/voice-agent/.github/workflows/build.yml@*"
              issuer: "https://token.actions.githubusercontent.com"
      # predicateType URI used by SLSA v1.0 provenance statements
      - type: https://slsa.dev/provenance/v1
```
Now any pod referencing an unsigned, unattested, or wrong-builder image is rejected at admission. No exceptions.
```bash
cosign verify ghcr.io/acme/voice-agent@$DIGEST \
  --certificate-identity-regexp "https://github.com/acme/voice-agent/.github/workflows/build.yml@*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com

cosign verify-attestation ghcr.io/acme/voice-agent@$DIGEST --type cyclonedx \
  --certificate-identity-regexp ... | jq '.payload | @base64d | fromjson'
```
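The `jq` one-liner above only decodes the envelope; the checks that actually matter (and that Kyverno performs at admission: right image digest, right predicate type, trusted builder) are shown below in Python as an added example, not CallSphere's code. The two DSSE envelopes are constructed to look like `cosign verify-attestation` output for one image; the signature bytes are omitted because cosign has already verified them. `https://cyclonedx.org/bom` is what `--type cyclonedx` resolves to, and the trusted-builder wildcard mirrors the policy's keyless `subject` (assumed to be the same pattern).

```python
"""Check what `cosign verify-attestation` hands back before acting on it.

Added example, not CallSphere's code. Decodes the DSSE envelope the way the
page's jq pipe does, then checks subject digest, predicateType and builder id.
All envelopes are constructed; signatures are omitted (cosign verified them).
"""
import base64
import fnmatch
import json

CYCLONEDX = "https://cyclonedx.org/bom"            # predicateType behind `--type cyclonedx`
SLSA_V1 = "https://slsa.dev/provenance/v1"          # predicateType of SLSA v1.0 provenance
IMAGE_DIGEST = "sha256:" + "ab" * 32                # constructed image digest
# Same wildcard form as the Kyverno keyless subject on this page (assumed pattern).
TRUSTED_BUILDER = "https://github.com/acme/voice-agent/.github/workflows/build.yml@*"


def envelope(statement: dict) -> str:
    """Wrap an in-toto statement the way DSSE does: base64 payload plus signatures."""
    return json.dumps({
        "payloadType": "application/vnd.in-toto+json",
        "payload": base64.b64encode(json.dumps(statement).encode()).decode(),
        "signatures": [{"keyid": "", "sig": "<checked by cosign, omitted here>"}],
    })


def statement(predicate_type: str, predicate: dict, digest: str = IMAGE_DIGEST) -> dict:
    """in-toto Statement v1 for the voice-agent image (constructed subject name)."""
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "ghcr.io/acme/voice-agent", "digest": {"sha256": digest.split(":", 1)[1]}}],
        "predicateType": predicate_type,
        "predicate": predicate,
    }


# Constructed attestations shaped like real cosign output for this image.
SBOM_ATTESTATION = envelope(statement(CYCLONEDX, {
    "bomFormat": "CycloneDX", "specVersion": "1.7",
    "components": [
        {"type": "library", "name": "fastapi", "version": "0.115.0"},
        {"type": "machine-learning-model", "name": "whisper-large-v3", "version": "3.0.0"},
    ],
}))
PROVENANCE_ATTESTATION = envelope(statement(SLSA_V1, {
    "buildDefinition": {"buildType": "https://actions.github.io/buildtypes/workflow/v1"},
    "runDetails": {"builder": {"id": "https://github.com/acme/voice-agent/.github/workflows/build.yml@refs/heads/main"}},
}))


def decode_statement(dsse_json: str) -> dict:
    """The page's jq pipe in Python: .payload | @base64d | fromjson."""
    env = json.loads(dsse_json)
    if env.get("payloadType") != "application/vnd.in-toto+json":
        raise ValueError(f"unexpected payloadType {env.get('payloadType')!r}")
    return json.loads(base64.b64decode(env["payload"]))


def check_attestation(dsse_json: str, image_digest: str, expected_type: str,
                      trusted_builder: str = TRUSTED_BUILDER) -> dict:
    """Return the predicate when every check passes; raise ValueError otherwise."""
    st = decode_statement(dsse_json)
    if st.get("predicateType") != expected_type:
        raise ValueError(f"predicateType {st.get('predicateType')!r}, wanted {expected_type!r}")
    covered = {"sha256:" + s["digest"]["sha256"]
               for s in st.get("subject", []) if "sha256" in s.get("digest", {})}
    if image_digest not in covered:
        raise ValueError("attestation subject does not cover the deployed image digest")
    if expected_type == SLSA_V1:
        builder = st["predicate"].get("runDetails", {}).get("builder", {}).get("id", "")
        if not fnmatch.fnmatchcase(builder, trusted_builder):
            raise ValueError(f"provenance from untrusted builder {builder!r}")
    return st["predicate"]


def is_admissible(dsse_json: str, image_digest: str, expected_type: str) -> bool:
    """Boolean form of check_attestation, handy as a CI gate."""
    try:
        check_attestation(dsse_json, image_digest, expected_type)
        return True
    except ValueError:
        return False


def sbom_summary(predicate: dict) -> dict:
    """Count components by type so a missing ML-BOM entry is obvious at a glance."""
    counts = {}
    for c in predicate.get("components", []):
        kind = c.get("type", "unknown")
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    print("sbom:", sbom_summary(check_attestation(SBOM_ATTESTATION, IMAGE_DIGEST, CYCLONEDX)))
    print("builder:", check_attestation(PROVENANCE_ATTESTATION, IMAGE_DIGEST, SLSA_V1)["runDetails"]["builder"]["id"])
```

The builder check uses glob matching on purpose: cosign's `--certificate-identity-regexp` is a Go regular expression, where `build.yml@*` means "zero or more `@`" and `.` matches any character, so a regexp that is meant to pin one workflow is looser than it looks; Kyverno's keyless `subject` treats `*` as a wildcard, which is what the wildcard here reproduces.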
- Re-scan SBOMs nightly — a new CVE on a pinned wheel will flag without a rebuild.
- Forgetting `permissions: id-token: write` in CI breaks cosign keyless silently.
- cyclonedx-py 5.x is still a prerelease for the AI-specific fields; the stable APIs are in CycloneDX 1.7+.
- Match the workflow identity with `@*`, not an exact ref.

CallSphere generates a CycloneDX SBOM and ML-BOM per voice-agent build, attests SLSA v1.0 provenance, and Kyverno rejects unsigned images at admission across our k3s edge fleet. Healthcare and behavioral-health tenants get a per-vertical attestation report monthly.
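The nightly re-scan works because the attested SBOM already names every package and version, so nothing has to be rebuilt or pulled. The following is an added example, not CallSphere's code, showing the matching step a scanner such as grype or Trivy performs when pointed at an SBOM file: resolve each component's purl, compare its version with the advisory's fixed version, and report hits. The SBOM is constructed in the shape of Syft's CycloneDX output and the advisory list is constructed too; its ids are placeholders, not real CVE numbers.

```python
"""Nightly re-scan of a stored CycloneDX SBOM against a fresh advisory feed.

Added example, not CallSphere's code. SBOM and advisories are constructed;
advisory ids are placeholders rather than real CVE numbers.
"""
import re
from typing import Optional

SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.7",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "torch", "version": "2.3.1", "purl": "pkg:pypi/torch@2.3.1"},
        {"type": "library", "name": "openssl", "version": "3.0.13-1",
         "purl": "pkg:deb/debian/openssl@3.0.13-1?distro=debian-12"},
        # ML models carry no purl; they are tracked by weight hash, not by CVE feeds.
        {"type": "machine-learning-model", "name": "whisper-large-v3", "version": "3.0.0"},
    ],
}

ADVISORIES = [  # constructed feed: ecosystem + package name + first fixed version
    {"id": "ADV-EXAMPLE-0001", "ecosystem": "pypi", "name": "requests", "fixed_in": "2.32.0", "severity": "medium"},
    {"id": "ADV-EXAMPLE-0002", "ecosystem": "pypi", "name": "torch", "fixed_in": "2.2.0", "severity": "high"},
    {"id": "ADV-EXAMPLE-0003", "ecosystem": "deb", "name": "openssl", "fixed_in": "3.0.14-1", "severity": "high"},
]


def parse_purl(purl: str) -> tuple:
    """Split pkg:<type>/[namespace/]<name>@<version>[?qualifiers] into (type, name, version)."""
    body = purl[len("pkg:"):] if purl.startswith("pkg:") else purl
    body = body.split("?", 1)[0]
    path, _, version = body.rpartition("@")
    parts = path.split("/")
    return parts[0], parts[-1].lower(), version


def version_key(v: str) -> tuple:
    """Numeric-aware comparison key: good enough for the dotted versions here,
    not a full PEP 440 or dpkg comparator."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def rescan(sbom: dict, advisories: list) -> list:
    """Return one finding per (component, advisory) pair whose version is below the fix."""
    index = {}
    for comp in sbom.get("components", []):
        if "purl" not in comp:
            continue
        eco, name, version = parse_purl(comp["purl"])
        index.setdefault((eco, name), []).append((version, comp))
    findings = []
    for adv in advisories:
        for version, comp in index.get((adv["ecosystem"], adv["name"].lower()), []):
            if version_key(version) < version_key(adv["fixed_in"]):
                findings.append({"id": adv["id"], "severity": adv["severity"],
                                 "component": f"{comp['name']}@{comp['version']}",
                                 "fixed_in": adv["fixed_in"]})
    return findings


def worst_severity(findings: list, order=("low", "medium", "high", "critical")) -> Optional[str]:
    """Highest severity among the findings, for a simple page-or-ticket threshold."""
    return max((f["severity"] for f in findings), key=order.index, default=None)


if __name__ == "__main__":
    hits = rescan(SBOM, ADVISORIES)
    for h in hits:
        print(f"{h['id']} {h['severity']:>8}  {h['component']}  fixed in {h['fixed_in']}")
    print("worst:", worst_severity(hits))
```

Run it from a scheduled job against the SBOM you pulled back with `cosign verify-attestation`, so the inventory being scanned is the signed one rather than a file someone edited by hand.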
Q: Do I really need ML-BOM if I only use OpenAI? Yes — auditors want lineage. Even "we call OpenAI gpt-realtime version X" is a single-row ML-BOM and worth having.
Q: Cosign keyless vs key-based? Keyless ties signatures to your CI identity. Key-based requires a KMS and rotation. Keyless wins for almost everyone.
Q: How big are SBOMs? A typical Python AI image: 200-500 KB CycloneDX JSON. Negligible.
Q: Kyverno vs Gatekeeper?
Kyverno's verifyImages is purpose-built for cosign; Gatekeeper needs the Cosign Provider. Use Kyverno for image policy.
Written by
Sagar Shankaran · Founder, CallSphere
Sagar Shankaran is the founder of CallSphere, where he builds production AI voice and chat agents deployed across healthcare, hospitality, real estate, and home services. He writes about agentic AI, LLM engineering, and shipping voice agents that handle real calls in production.
© 2026 CallSphere LLC. All rights reserved.