AI model findings
Endor Labs’ scan can detect AI models and list them as dependencies. These models are flagged and displayed in the scan results. You can define custom policies to flag the usage of specific AI providers, specific AI models, or models with low-quality scores, ensuring the use of secure and reliable AI models in your projects.
See AI models detection for the list of external AI models detected by Endor Labs. Only HuggingFace models are scored, as they are open source and provide extensive public metadata. Models from all other providers are detected but not scored due to limited metadata.
Detect AI models
Configure finding policies and perform an endorctl scan to detect AI models in your repositories and review the findings.
- Configure finding policy to detect AI models with low scores and enforce organizational restrictions on specific AI models or model providers.
- Download and install Semgrep Community Edition on your machine before you run an AI model scan.
  Although Semgrep supports installation with Brew on macOS, it does not allow installing a specific version. To install Semgrep, you must have a Python environment with pip on your system. We recommend that you install Semgrep version 1.99.0.
  pip install semgrep==1.99.0
- Perform the endorctl scan using the following command:
  endorctl scan --ai-models --dependencies
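A pre-flight wrapper for the Semgrep install and scan steps above, added here as an example and not taken from Endor Labs' documentation: it starts the scan only when the installed Semgrep matches the recommended 1.99.0. The function names and the RUN_SCAN switch are assumptions, and failing on a version mismatch is this example's choice, since the page only recommends the version.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check before an AI model scan.
# The version pin and the scan command come from the steps above; the
# function names and the RUN_SCAN switch are assumptions of this example.
set -u

REQUIRED_SEMGREP="1.99.0"   # version recommended on this page

# Return 0 only when the reported version matches the pin exactly.
# Takes the raw output of `semgrep --version` so it can be checked offline.
semgrep_version_ok() {
  local reported
  # Keep the first line and strip whitespace and carriage returns.
  reported="$(printf '%s\n' "$1" | head -n 1 | tr -d '[:space:]')"
  [ "$reported" = "$REQUIRED_SEMGREP" ]
}

# Classify the local Semgrep install: ok, missing, or mismatch:<version>.
semgrep_status() {
  local out
  if ! command -v semgrep >/dev/null 2>&1; then
    echo "missing"; return
  fi
  out="$(semgrep --version 2>/dev/null)"
  if semgrep_version_ok "$out"; then echo "ok"; else echo "mismatch:${out}"; fi
}

# Run the scan from this page only when the Semgrep check passes.
run_ai_model_scan() {
  local status
  status="$(semgrep_status)"
  case "$status" in
    ok) ;;
    missing)
      echo "semgrep not found; run: pip install semgrep==${REQUIRED_SEMGREP}" >&2
      return 2 ;;
    *)
      echo "semgrep ${status#mismatch:} installed, expected ${REQUIRED_SEMGREP}" >&2
      return 3 ;;
  esac
  endorctl scan --ai-models --dependencies
}

# Only scan when asked to, so the file can be sourced for its functions.
if [ "${RUN_SCAN:-0}" = "1" ]; then
  run_ai_model_scan
fi
```

Set RUN_SCAN=1 when invoking the script in a CI job to perform the scan; the non-zero exit codes (2 for missing, 3 for mismatch) let the pipeline distinguish a setup problem from a scan result.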
View AI model findings
- To view all AI model findings detected in your tenant:
  - Navigate to AI Inventory on the left sidebar to view AI findings.
  - Use the search bar to look for any specific models.
  - Select a model, and click to see its details.
  - You can also navigate to Findings and choose AI Models to view findings.
- To view AI model findings associated with a specific project:
  - Navigate to Projects and select a project.
  - Navigate to Inventory and click AI Models under Dependencies to view findings.
View AI model findings through monitoring scans
By default, AI models are discovered during SCA scans run through GitHub App, Bitbucket App, Azure DevOps App, and GitLab App. You can view the reported AI models under AI Inventory in the left sidebar.
To generate AI model findings:
- Configure finding policy to detect AI models with low scores and enforce organizational restrictions on specific AI models or model providers.
- Download and install Semgrep Community Edition on your machine before you run an AI model scan.
  Although Semgrep supports installation with Brew on macOS, it does not allow installing a specific version. To install Semgrep, you must have a Python environment with pip on your system. We recommend that you install Semgrep version 1.99.0.
  pip install semgrep==1.99.0
- To disable AI model discovery, set ENDOR_SCAN_AI_MODELS=false in your scan profile.
AI model detection
The following table lists the AI model providers currently supported by Endor Labs for model detection. For each provider, the table includes supported programming languages, whether model scoring is available, and a reference link to the provider’s API documentation.
AI model | Supported languages | Endor score | Reference |
---|---|---|---|
HuggingFace | Python | ✓ | https://huggingface.co/docs |
OpenAI | Python, JavaScript, Java (beta), Go (beta), C# | ✗ | https://platform.openai.com/docs/libraries |
Anthropic | Python, TypeScript, JavaScript, Java (alpha), Go (alpha) | ✗ | https://docs.anthropic.com/en/api/client-sdks |
Google | Python, JavaScript, TypeScript, Go | ✗ | https://ai.google.dev/gemini-api/docs/sdks |
AWS | Python, JavaScript, Java, Go, C#, PHP, Ruby | ✗ | https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html#sdk |
Perplexity | Python | ✗ | https://docs.perplexity.ai/api-reference/chat-completions-post |
DeepSeek | Python, JavaScript, Go, PHP, Ruby | ✗ | https://api-docs.deepseek.com/api/deepseek-api |