Endor Labs’ scan can detect AI models from HuggingFace used in Python projects and list them as dependencies. These models are flagged and displayed in the scan results. You can define custom policies to detect and flag models with low-quality scores, ensuring the use of secure and reliable AI models in your projects.
Detect AI models
Configure finding policies and perform an endorctl scan to detect AI models in your repositories and review the findings.
- Configure a finding policy to detect AI models with low scores.
- Download and install Semgrep Community Edition on your machine before you run an AI model scan.
  Although Semgrep can be installed with Brew on macOS, Brew does not allow installing a specific version. To install Semgrep, you must have a Python environment with pip on your system. We recommend that you install Semgrep version 1.99.0.
    pip install semgrep==1.99.0
- Perform the endorctl scan using the following command:
    endorctl scan --ai-models --dependencies
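The steps above can be wrapped in a preflight for CI so the scan does not run against a Semgrep version that has drifted from the pinned one. This is an added example, not Endor Labs' own script: the function names are illustrative, and treating the recommended version 1.99.0 as a hard requirement is this example's assumption.

```shell
#!/usr/bin/env bash
# Added example: preflight for the AI model scan described above.
# REQUIRED_SEMGREP is the version this page recommends; enforcing an exact
# match is an assumption of this example, and all function names are illustrative.
REQUIRED_SEMGREP="1.99.0"

# Extract the first x.y.z token from text such as the output of `semgrep --version`.
parse_version() {
  printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeeds only when the reported version equals the pinned one exactly.
# An empty or unparsable string never matches.
version_matches() {
  [ "$(parse_version "$1")" = "$REQUIRED_SEMGREP" ]
}

# Check that both tools are present and Semgrep is at the pinned version,
# then run the scan command from this page. Distinct return codes let a
# CI job tell the failure modes apart.
ai_model_scan() {
  command -v endorctl >/dev/null 2>&1 || {
    echo "endorctl not found on PATH" >&2
    return 3
  }
  command -v semgrep >/dev/null 2>&1 || {
    echo "semgrep not found; run: pip install semgrep==$REQUIRED_SEMGREP" >&2
    return 2
  }
  found="$(semgrep --version 2>/dev/null)"
  version_matches "$found" || {
    echo "semgrep $(parse_version "$found") installed, expected $REQUIRED_SEMGREP" >&2
    return 1
  }
  endorctl scan --ai-models --dependencies
}
```

Source the file and call `ai_model_scan` from the repository root; a non-zero return means the scan was not started.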
View AI model findings
- To view all AI model findings detected in your tenant:
  - Navigate to AI Models on the sidebar to view AI findings.
  - Use the search bar to look for any specific models.
  - Select a model, and click to see its details.
  - You can also navigate to Findings and choose AI Models to view findings.
- To view AI model findings associated with a specific project:
  - Navigate to Projects and select a project.
  - Select Dependencies and click AI Models to view findings.