docs: add ML-BOM model card example

[Rul1an]

What changed

Adds a compact ML-BOM example to the official BOM examples collection.

The example shows one fictional application, one machine-learning-model component, two data components, an inline modelCard, dataset references from modelCard.modelParameters.datasets[], and top-level dependency links from the model to the dataset components.

Why

CycloneDX already supports ML-BOM use cases in the specification, but this examples repo does not currently have an ML-BOM family directory. A small schema-valid example can give implementers a copyable starting point without requiring them to read the full schema first.

Related: #50 explored a broader ML-BOM example set. This PR is intentionally narrower and focuses on one schema-valid model-card/dataset-reference path.

Boundary

The model, datasets, URLs, and metric values are fictional. They are included only to demonstrate CycloneDX structure, not to make claims about a real model, dataset, performance result, license, safety posture, or deployment.

Validation

Ran locally:

jq . MLBOM/Model-Card-With-Dataset/bom.json

git diff --check

python3 local markdown-link check for README links

npx --yes ajv-cli@5.0.0 validate
-s /tmp/cyclonedx-specification/schema/bom-1.7.schema.json
-r /tmp/cyclonedx-specification/schema/spdx.schema.json
-r /tmp/cyclonedx-specification/schema/jsf-0.82.schema.json
-r /tmp/cyclonedx-specification/schema/cryptography-defs.schema.json
-d MLBOM/Model-Card-With-Dataset/bom.json
--strict=false

The AJV run reports the expected unknown-format warnings for schema formats not loaded by ajv-cli, then validates the BOM as valid.

[Copilot]

Pull request overview

Adds a new ML-BOM examples section to the CycloneDX BOM examples repository, including a compact, schema-valid example demonstrating a model card with dataset references and dependencies.

Changes:

• Added MLBOM to the top-level examples index.
• Introduced a new MLBOM/ directory with an index README.
• Added a “Model Card With Dataset References” ML-BOM example (JSON BOM + README).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
README.md	Adds MLBOM to the top-level BOM type table.
MLBOM/README.md	Introduces the ML-BOM examples index and links to the new example.
MLBOM/Model-Card-With-Dataset/bom.json	Provides a compact ML-BOM example with a model card, dataset references, and dependencies.
MLBOM/Model-Card-With-Dataset/README.md	Documents what the example demonstrates and its illustrative nature.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Rul1an]

Small downstream context, no action needed here: I also shipped an Assay-side receipt path around this same narrow ML-BOM idea: one selected machine-learning-model component, with dataset/model-card handling kept refs-only rather than importing full BOM, model-card, dataset, graph, safety, or compliance truth.

It stays outside CycloneDX and is framed as downstream use of the existing ML-BOM structure, not as an integration, support, or partnership claim. This PR can stay just a compact schema-valid example.

Assay release: https://github.com/Rul1an/assay/releases/tag/v3.8.0
Latest note: https://github.com/Rul1an/assay/blob/main/docs/notes/EVIDENCE-RECEIPTS-FOR-AI-OUTCOMES-RUNTIME-DECISIONS-MODEL-INVENTORY.md
Recipe: https://github.com/Rul1an/Assay-Harness/blob/v0.3.1/docs/CYCLONEDX_MLBOM_MODEL_RECEIPT_PIPELINE.md