Prisma AIRS
Scan a Hugging Face Model
Scan a model hosted on Hugging Face.
Scan a Hugging Face Model
To scan a model hosted on Hugging Face, provide the model URI and your security group UUID. For Hugging Face AI models, only model_uri is required.
Before you start the model scanning process:
- Ensure that the security group's source type matches the source of the model you are scanning. For example, you cannot use an S3 security group for a Hugging Face model.
- Verify that the HuggingFace.co domain (https://huggingface.co/) is allowed.
- Ensure that ignore_patterns and allow_patterns do not overlap with each other.
We don't support private Hugging Face repositories. You can only scan public Hugging Face repositories. If you want to scan a private Hugging Face repository, download the model and scan it using a local model scan.
When creating a scan, you can attach up to 50 custom labels to help organize your scans.
Scan using CLI
model-security scan \
  --security-group-uuid "12345678-1234-1234-1234-123456789012" \
  --model-uri "https://huggingface.co/microsoft/DialoGPT-medium" \
  -l env=production
Scan using Python SDK
from model_security_client.api import ModelSecurityAPIClient

# Initialize the client
client = ModelSecurityAPIClient(
    base_url="https://api.sase.paloaltonetworks.com/aims"
)

# Scan the public Hugging Face model and attach a custom label
result = client.scan(
    security_group_uuid="12345678-1234-1234-1234-123456789012",
    model_uri="https://huggingface.co/microsoft/DialoGPT-medium",
    labels={"env": "production"},
)
print(f"Scan completed: {result.eval_outcome}")
AI Model Security automatically fetches the latest version of the model from Hugging Face. To scan a specific version, include the model version (--model-version on the CLI, model_version in the SDK).
Scan using CLI
model-security scan \
  --security-group-uuid "12345678-1234-1234-1234-123456789012" \
  --model-uri "https://huggingface.co/microsoft/DialoGPT-medium" \
  --model-version "7b40bb0f92c45fefa957d088000d8648e5c7fa33"
Scan using Python SDK
from model_security_client.api import ModelSecurityAPIClient

# Initialize the client
client = ModelSecurityAPIClient(
    base_url="https://api.sase.paloaltonetworks.com/aims"
)

# Pin the scan to a specific repository revision instead of the latest version
result = client.scan(
    security_group_uuid="12345678-1234-1234-1234-123456789012",
    model_uri="https://huggingface.co/microsoft/DialoGPT-medium",
    model_version="7b40bb0f92c45fefa957d088000d8648e5c7fa33",
)
print(f"Scan completed: {result.eval_outcome}")
Filter Files in Hugging Face Scans
Large Hugging Face repositories may contain files you don't need to scan. Use glob patterns to include or exclude specific files.
Scan using CLI
model-security scan \
  --security-group-uuid "12345678-1234-1234-1234-123456789012" \
  --model-uri "https://huggingface.co/microsoft/DialoGPT-medium" \
  --allow-patterns "*.bin" "*.json" \
  --ignore-patterns "*.md" "*.txt"
Scan using Python SDK
from model_security_client.api import ModelSecurityAPIClient

# Initialize the client
client = ModelSecurityAPIClient(
    base_url="https://api.sase.paloaltonetworks.com/aims"
)

# Only scan weight and config files; skip documentation files
result = client.scan(
    security_group_uuid="12345678-1234-1234-1234-123456789012",
    model_uri="https://huggingface.co/microsoft/DialoGPT-medium",
    allow_patterns=["*.bin", "*.json"],
    ignore_patterns=["*.md", "*.txt"],
)
print(f"Scan completed: {result.eval_outcome}")
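The pre-flight checks listed at the top of this page (the huggingface.co domain, and allow/ignore patterns that must not overlap) can be run locally before a scan request is submitted. The following is an added example and not part of the Prisma AIRS SDK; it assumes the service applies allow patterns first and ignore patterns second, and uses a constructed repository file listing in place of a real one.

```python
from fnmatch import fnmatch
from urllib.parse import urlparse

# Constructed listing of files in a Hugging Face repository; a real
# pre-flight check would fetch the repository's file list instead.
SAMPLE_REPO_FILES = [
    "config.json",
    "pytorch_model.bin",
    "tokenizer.json",
    "README.md",
    "LICENSE.txt",
    "notes/model_card.md",
]


def is_huggingface_uri(model_uri: str) -> bool:
    """True only for an https URI on huggingface.co, the domain that must be allowed."""
    parts = urlparse(model_uri)
    return parts.scheme == "https" and parts.hostname in ("huggingface.co", "www.huggingface.co")


def pattern_overlap(files, allow_patterns, ignore_patterns):
    """Files that match both an allow pattern and an ignore pattern (the overlap to avoid)."""
    return [
        f for f in files
        if any(fnmatch(f, a) for a in allow_patterns)
        and any(fnmatch(f, i) for i in ignore_patterns)
    ]


def files_selected(files, allow_patterns, ignore_patterns):
    """Files left to scan under the assumed rule: keep if allowed (or no allow list), then drop if ignored."""
    kept = []
    for f in files:
        allowed = not allow_patterns or any(fnmatch(f, a) for a in allow_patterns)
        ignored = any(fnmatch(f, i) for i in ignore_patterns)
        if allowed and not ignored:
            kept.append(f)
    return kept


def validate_scan_request(model_uri, allow_patterns=(), ignore_patterns=(), files=SAMPLE_REPO_FILES):
    """Collect pre-flight problems; an empty list means the request is ready to submit."""
    errors = []
    if not is_huggingface_uri(model_uri):
        errors.append(f"model_uri is not a public huggingface.co URL: {model_uri}")
    overlap = pattern_overlap(files, allow_patterns, ignore_patterns)
    if overlap:
        errors.append("allow_patterns and ignore_patterns overlap on: " + ", ".join(overlap))
    if allow_patterns and not files_selected(files, allow_patterns, ignore_patterns):
        errors.append("the pattern combination selects no files to scan")
    return errors
```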