Scan Model Files
Once the Model Scanner CLI image has been deployed, it can be run as a container using the docker run command as described below.
- See Deploy Model Scanner CLI for deployment instructions.
- See Command-line Arguments for more information about CLI input and output arguments.
Set Environment Variables
Export your HiddenLayer details (product license, API key, API secret, and Console URL) as environment variables.
- Replace %HIDDENLAYER_LICENSE% with your HiddenLayer license.
- Replace %HL_API_KEY% and %HL_API_SECRET% with your HiddenLayer API key and secret, generated in the Console.
- Replace %HIDDENLAYER_PLATFORM_HOSTNAME% with the URL for your Console. Example: http://server1.test.hiddenlayer.com.
- For Windows systems, replace export with set.
export HL_LICENSE=%HIDDENLAYER_LICENSE%
export HL_CLIENT_ID=%HL_API_KEY%
export HL_CLIENT_SECRET=%HL_API_SECRET%
export HL_MODEL_SCANNER_PLATFORM_RESULTS_URL=%HIDDENLAYER_PLATFORM_HOSTNAME%
export HL_MODEL_SCANNER_TOKEN_URL=%HIDDENLAYER_PLATFORM_HOSTNAME%
Scan a Folder
Scan all model files within a specified folder.
The command is shown first for Linux and macOS shells (line continuation with \) and then for the Windows command prompt (line continuation with ^).
- Replace /home/user/models with the path on the local machine where the models to be scanned are located.
- Replace <model_name_in_console> with either the name of an existing model from the inventory (to add a new scan version to the existing model) or a new, unique name (to create a new model entry in the inventory).
- Using --persist adds the scan results to an existing model in the AISec Platform Console.
docker run --rm \
-e HL_LICENSE \
-e HL_CLIENT_ID \
-e HL_CLIENT_SECRET \
-e HL_MODEL_SCANNER_PLATFORM_RESULTS_URL \
-e HL_MODEL_SCANNER_TOKEN_URL \
-v /home/user/models:/files-to-scan \
images.hiddenlayer.ai/proxy/aisec-platform/ghcr.io/hiddenlayer-engineering/modelscanner-src:airgapped \
--input /files-to-scan --persist --model-name=<model_name_in_console>
- Replace c:/work/models with the path on the local machine where the models to be scanned are located.
- Replace <model_name_in_console> with either the name of an existing model from the inventory (to add a new scan version to the existing model) or a new, unique name (to create a new model entry in the inventory).
- Using --persist adds the scan results to an existing model in the AISec Platform Console.
docker run --rm ^
-e HL_LICENSE ^
-e HL_CLIENT_ID ^
-e HL_CLIENT_SECRET ^
-e HL_MODEL_SCANNER_PLATFORM_RESULTS_URL ^
-e HL_MODEL_SCANNER_TOKEN_URL ^
-v c:/work/models:/files-to-scan ^
images.hiddenlayer.ai/proxy/aisec-platform/ghcr.io/hiddenlayer-engineering/modelscanner-src:airgapped ^
--input /files-to-scan --persist --model-name=<model_name_in_console>
Scan a File
Scan a single file by including the file name in the --input argument.
The command is shown first for Linux and macOS shells (line continuation with \) and then for the Windows command prompt (line continuation with ^).
- Replace /home/user/models with the path on the local machine where the models to be scanned are located.
- Replace <model_file> with the file name. Example: --input /files-to-scan/test_model.pkl.
- Replace <model_name_in_console> with either the name of an existing model from the inventory (to add a new scan version to the existing model) or a new, unique name (to create a new model entry in the inventory).
- Using --persist adds the scan results to an existing model in the AISec Platform Console.
docker run --rm \
-e HL_LICENSE \
-e HL_CLIENT_ID \
-e HL_CLIENT_SECRET \
-e HL_MODEL_SCANNER_PLATFORM_RESULTS_URL \
-e HL_MODEL_SCANNER_TOKEN_URL \
-v /home/user/models:/files-to-scan \
images.hiddenlayer.ai/proxy/aisec-platform/ghcr.io/hiddenlayer-engineering/modelscanner-src:airgapped \
--input /files-to-scan/<model_file> --persist --model-name=<model_name_in_console>
- Replace c:/work/models with the path on the local machine where the models to be scanned are located.
- Replace <model_file> with the file name. Example: --input /files-to-scan/test_model.pkl.
- Replace <model_name_in_console> with either the name of an existing model from the inventory (to add a new scan version to the existing model) or a new, unique name (to create a new model entry in the inventory).
- Using --persist adds the scan results to an existing model in the AISec Platform Console.
docker run --rm ^
-e HL_LICENSE ^
-e HL_CLIENT_ID ^
-e HL_CLIENT_SECRET ^
-e HL_MODEL_SCANNER_PLATFORM_RESULTS_URL ^
-e HL_MODEL_SCANNER_TOKEN_URL ^
-v c:/work/models:/files-to-scan ^
images.hiddenlayer.ai/proxy/aisec-platform/ghcr.io/hiddenlayer-engineering/modelscanner-src:airgapped ^
--input /files-to-scan/<model_file> --persist --model-name=<model_name_in_console>
Inspect Scan Results of Test ML Model
At scan completion, a scan result similar to the following is emitted to stdout.
Scan results are emitted as minified JSON; they are shown formatted here for readability.
{
  "scan_id": "13c0f8a4-c938-43ee-9d95-2803ccd7de10",
  "start_time": "2025-02-12T17:55:36.511Z",
  "end_time": "2025-02-12T17:55:36.517Z",
  "status": "done",
  "version": "latest",
  "$schema_version": "3.1.0",
  "inventory": {
    "requested_scan_location": "/files-to-scan/ZS_withConfig.nemo",
    "model_id": "00000000-0000-0000-0000-000000000000",
    "model_name": "cli-latest-cdffd55e-802b-4440-8403-698e930e5bb9",
    "model_version": "1739382936",
    "model_version_id": "00000000-0000-0000-0000-000000000000"
  },
  "file_results": [
    {
      "file_instance_id": "01c8c57d-dd77-488b-b459-709f1933f7b2",
      "file_location": "/files-to-scan/ZS_withConfig.nemo",
      "status": "done",
      "start_time": "2025-02-12T17:55:36.511Z",
      "end_time": "2025-02-12T17:55:36.517Z",
      "details": {
        "sha256": "6a15d94d7c9a67d2574ba8226cfa7d678524899d61f18f98cb218da6e30f0570",
        "file_type": "TAR",
        "file_type_details": {},
        "estimated_time": ""
      },
      "seen": "2025-02-12T17:55:36.511Z",
      "detections": [
        {
          "detection_id": "b3598a21-bdb0-4f4d-9c66-c7f127894b43",
          "rule_id": "NEMO_0008_202408",
          "category": "Decompression Vulnerabilities",
          "description": "Archive Contains Tar Slip attack, which can be used to overwrite files on the system.",
          "severity": "high",
          "mitre_atlas": [
            {
              "technique": "AML.T0010",
              "tactic": "AML.TA0004"
            }
          ],
          "owasp": [
            "ML06",
            "LLM05"
          ],
          "cwe": "",
          "cwe_href": ""
        }
      ]
    }
  ],
  "detection_count": 1,
  "file_count": 1,
  "files_with_detections_count": 1,
  "summary": {
    "detection_count": 1,
    "file_count": 1,
    "severity": "high",
    "files_with_detections_count": 1,
    "detection_categories": [
      "Decompression Vulnerabilities"
    ]
  }
}
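As an added example that is not part of the HiddenLayer documentation, the following Python script consumes the scan result JSON above from stdin, flattens every detection into one record per file (with the file's sha256 and rule_id so the finding can be tracked), and returns a CI-style exit code when any detection reaches a severity threshold. The severity ordering and the embedded sample input are assumptions constructed from the schema shown above; only "high" appears on the page.

```python
import json
import sys

# Constructed sample in the shape of the scanner's stdout; not real scanner output.
SAMPLE_RESULT = json.dumps({
    "status": "done",
    "file_results": [
        {"file_location": "/files-to-scan/ZS_withConfig.nemo",
         "details": {"sha256": "constructed-sha256-1", "file_type": "TAR"},
         "detections": [{"rule_id": "NEMO_0008_202408",
                         "category": "Decompression Vulnerabilities",
                         "severity": "high"}]},
        {"file_location": "/files-to-scan/clean_model.bin",
         "details": {"sha256": "constructed-sha256-2", "file_type": "BINARY"},
         "detections": []},
    ],
    "summary": {"detection_count": 1, "file_count": 2, "severity": "high"},
})

# Severity ordering is an assumption: the page itself only shows "high".
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def findings(result_json: str) -> list:
    """Flatten the nested result into one record per (file, detection)."""
    doc = json.loads(result_json)
    rows = []
    for f in doc.get("file_results", []):
        for d in f.get("detections", []):
            rows.append({
                "file": f.get("file_location"),
                "sha256": f.get("details", {}).get("sha256"),
                "rule_id": d.get("rule_id"),
                "category": d.get("category"),
                "severity": str(d.get("severity", "")).lower(),
            })
    return rows


def gate(result_json: str, fail_at: str = "high") -> int:
    """CI exit code: 0 = nothing at/above fail_at, 1 = blocked, 2 = scan not done."""
    if json.loads(result_json).get("status") != "done":
        return 2
    ranks = [SEVERITY_RANK.get(r["severity"], 0) for r in findings(result_json)]
    return 1 if max(ranks, default=0) >= SEVERITY_RANK[fail_at] else 0


if __name__ == "__main__":  # usage: docker run ... | python scan_gate.py
    data = sys.stdin.read()
    print(json.dumps(findings(data), indent=2))
    sys.exit(gate(data))
```

Pipe the stdout of the docker run command into the script; a non-zero exit code blocks the pipeline step, and the printed records give the reviewer the file, hash and rule to look up in the Console.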