How they work: Signatures are the patterns and rules that xBom uses to detect the presence of specific SDKs, APIs, and libraries within your codebase. These signatures look for characteristic import statements, function calls, or other code constructs that indicate the use of a particular component.

Community-driven repository: xBom maintains a repository of these signatures, which is community-driven. This allows for a broad and up-to-date set of detections. These are stored in the signatures/ directory of the xBom project.

Naming convention: Signatures follow a clear naming convention to ensure organization and clarity:

signatures/$vendor/$product/$service.yml

For example, a signature for an OpenAI service might be located at signatures/openai/api/gpt.yml.

Link to contributing signatures guide: To add new signatures for components not yet covered, or to improve existing ones, please refer to the contributing signatures guide.
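
A contributor-side check for the naming convention above, as an added example that is not part of the xBom project: it parses signatures/$vendor/$product/$service.yml paths and reports why a path does not fit. The allowed characters per segment, the function names and the sample paths are assumptions made for this example.

```python
import re
from typing import NamedTuple

# Assumption (not stated by xBom): segments are lowercase letters, digits, '-' or '_'.
SEGMENT = re.compile(r"[a-z0-9][a-z0-9_-]*")
EXT = ".yml"


class SignatureId(NamedTuple):
    vendor: str
    product: str
    service: str


def parse_signature_path(path: str) -> SignatureId:
    """Return (vendor, product, service) or raise ValueError with the reason."""
    # Split on '/' directly so empty segments, '..' and leading '/' are not normalised away.
    parts = path.split("/")
    if len(parts) != 4 or parts[0] != "signatures":
        raise ValueError("expected signatures/$vendor/$product/$service.yml")
    vendor, product, filename = parts[1:]
    if not filename.endswith(EXT):
        raise ValueError("signature file must use the .yml extension")
    service = filename[: -len(EXT)]
    for label, value in (("vendor", vendor), ("product", product), ("service", service)):
        if not SEGMENT.fullmatch(value):
            raise ValueError(f"invalid {label} segment: {value!r}")
    return SignatureId(vendor, product, service)


def lint_paths(paths):
    """Split paths into {path: SignatureId} and {path: reason}."""
    valid, errors = {}, {}
    for p in paths:
        try:
            valid[p] = parse_signature_path(p)
        except ValueError as exc:
            errors[p] = str(exc)
    return valid, errors


# Constructed sample input, e.g. the changed-files list of a signature contribution.
SAMPLE_PATHS = [
    "signatures/openai/api/gpt.yml",       # the page's own example
    "signatures/openai/gpt.yml",           # missing the $product level
    "signatures/openai/api/gpt.yaml",      # wrong extension
    "signatures/openai/../gpt.yml",        # traversal segment in place of $product
]

if __name__ == "__main__":
    ok, bad = lint_paths(SAMPLE_PATHS)
    for p, reason in bad.items():
        print(f"{p}: {reason}")
```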