Enterprise Software Supply Chain Manager (ESSCM)IntegrationsAI Models

AI Models

Generate SBOMs from AI and machine learning models

AI Models

Generate SBOMs from AI and machine learning models to identify dependencies, frameworks, and potential vulnerabilities in your ML pipeline.

Supported Platforms

Platform	Description
Hugging Face	Connect and scan models from Hugging Face Hub

Why Scan AI Models?

AI models often contain:

Framework dependencies - TensorFlow, PyTorch, JAX, etc.
Data processing libraries - NumPy, Pandas, scikit-learn
Serialization formats - Pickle files, SafeTensors, ONNX
Embedded code - Custom layers, preprocessing functions
Configuration files - Model cards, tokenizer configs

Scanning these components helps identify:

Known vulnerabilities in dependencies
Outdated or deprecated libraries
Security issues in serialization formats
Supply chain risks in model components

Scanning Workflow

Connect to model repository - Link your Hugging Face account or model URL
Select models - Choose which models to scan
Analyze dependencies - Safeguard identifies all components
Generate SBOM - Create a comprehensive software bill of materials
Continuous monitoring - Track new vulnerabilities over time

Best Practices

Scan before deployment - Check models before pushing to production
Regular rescans - Dependencies may have new vulnerabilities discovered
Review model cards - Understand the model's training data and limitations
Use SafeTensors - Prefer SafeTensors over Pickle for security

Next Steps

Hugging Face Integration

OCI Registry

Connect Open Container Initiative compatible registries to generate SBOMs

Hugging Face

Connect Hugging Face models to generate SBOMs

On this page

AI Models Supported Platforms Why Scan AI Models?Scanning Workflow Best Practices Next Steps