AI model findings
Endor Labs’ scan can detect AI models and list them as dependencies. These models are flagged and displayed in the scan results. You can define custom policies to flag the usage of specific AI providers, specific AI models, or models with low-quality scores, ensuring the use of secure and reliable AI models in your projects.
See AI models detection for the list of external AI models detected by Endor Labs. Only HuggingFace models are scored, as they are open source and provide extensive public metadata. Models from all other providers are detected but not scored due to limited metadata.
When you run a scan with the --ai-models option, Endor Labs downloads Opengrep for the scan and works seamlessly. If you wish, you can use Semgrep instead of Opengrep with Endor Labs. See Use Semgrep with Endor Labs for more information.
Detect AI models
Configure finding policies and perform an endorctl scan to detect AI models in your repositories and review the findings.
- Configure finding policy to detect AI models with low scores and enforce organizational restrictions on specific AI models or model providers.
- Run the endorctl scan using the following command.

      endorctl scan --ai-models --dependencies

View AI model findings
- To view all AI model findings detected in your tenant:
  - Navigate to AI Inventory on the left sidebar to view AI findings.
  - Use the search bar to look for any specific models.
  - Select a model, and click to see its details.
  - You can also navigate to Findings and choose AI Models to view findings.
- To view AI model findings associated with a specific project:
  - Navigate to Projects and select a project.
  - Navigate to Inventory and click AI Models under Dependencies to view findings.
View AI model findings through monitoring scans
By default, AI models are discovered during SCA scans run through GitHub App, Bitbucket App, Azure DevOps App, and GitLab App. You can view the reported AI models under AI Inventory in the left sidebar.
To generate AI model findings:
- Configure finding policy to detect AI models with low scores and enforce organizational restrictions on specific AI models or model providers.
- To disable AI model discovery, set ENDOR_SCAN_AI_MODELS=false in your scan profile.
AI model detection
The following table lists the AI model providers currently supported by Endor Labs for model detection. For each provider, the table includes supported programming languages, if model scoring is available, and a reference link to the provider’s API documentation.
AI model | Supported languages | Endor score | Reference |
---|---|---|---|
HuggingFace | Python | ✓ | https://huggingface.co/docs |
OpenAI | Python, JavaScript, Java (beta), Go (beta), C# | ✗ | https://platform.openai.com/docs/libraries |
Anthropic | Python, TypeScript, JavaScript, Java (alpha), Go (alpha) | ✗ | https://docs.anthropic.com/en/api/client-sdks |
Google | Python, JavaScript, TypeScript, Go | ✗ | https://ai.google.dev/gemini-api/docs/sdks |
AWS | Python, JavaScript, Java, Go, C#, PHP, Ruby | ✗ | https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html#sdk |
Perplexity | Python | ✗ | https://docs.perplexity.ai/api-reference/chat-completions-post |
DeepSeek | Python, JavaScript, Go, PHP, Ruby | ✗ | https://api-docs.deepseek.com/api/deepseek-api |
Azure OpenAI | C#, Go, Java, Python | ✗ | https://learn.microsoft.com/en-us/azure/ai-foundry/ |
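
To make concrete what listing AI models as dependencies and restricting providers or models means for Python code, here is an added illustration (not Endor Labs' code or its detection logic): a small AST pass that finds HuggingFace, OpenAI and Anthropic model references and applies a block list. The function names, the package-to-provider map, the policy shape and the sample source are assumptions made for this example.

```python
import ast
# Assumed package-to-provider map for this sketch; extend as needed.
SDK_PROVIDERS = {"transformers": "HuggingFace", "openai": "OpenAI", "anthropic": "Anthropic"}

def root_name(node):
    """Follow a chain such as a.b().c(...) back to its leftmost identifier."""
    while isinstance(node, (ast.Attribute, ast.Call)):
        node = node.func if isinstance(node, ast.Call) else node.value
    return node.id if isinstance(node, ast.Name) else None

def detect_models(source):
    """Return sorted (provider, model) pairs referenced in Python source."""
    nodes, names, found = list(ast.walk(ast.parse(source))), {}, set()
    for n in nodes:  # pass 1: names bound by an absolute import of a known SDK
        if isinstance(n, (ast.Import, ast.ImportFrom)) and not getattr(n, "level", 0):
            module = getattr(n, "module", None)  # set only for "from x import y"
            for a in n.names:
                pkg = (module or a.name).split(".")[0]
                if pkg in SDK_PROVIDERS:
                    names[a.asname or (a.name if module else pkg)] = SDK_PROVIDERS[pkg]
    for n in nodes:  # pass 2: variables assigned from an SDK call (client = OpenAI())
        if isinstance(n, ast.Assign) and root_name(n.value) in names:
            for t in n.targets:
                if isinstance(t, ast.Name):
                    names[t.id] = names[root_name(n.value)]
    for n in nodes:  # pass 3: SDK calls that name a model
        if not isinstance(n, ast.Call) or root_name(n) not in names:
            continue
        if isinstance(n.func, ast.Attribute) and n.func.attr == "from_pretrained":
            arg = n.args[0] if n.args else None
        else:
            arg = next((k.value for k in n.keywords if k.arg == "model"), None)
        if arg is not None:  # a non-literal argument cannot be resolved statically
            literal = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
            found.add((names[root_name(n)], arg.value if literal else "<dynamic>"))
    return sorted(found)

def policy_violations(findings, blocked_providers=(), blocked_models=()):
    """Findings whose provider or model is restricted by the (hypothetical) policy."""
    return [f for f in findings if f[0] in blocked_providers or f[1] in blocked_models]

# Constructed sample input; the model names are illustrative.
SAMPLE = '''from transformers import AutoModel
from openai import OpenAI
import anthropic
AutoModel.from_pretrained("bert-base-uncased")
client = OpenAI()
client.chat.completions.create(model="gpt-4o", messages=[])
anthropic.Anthropic().messages.create(model=MODEL_NAME, max_tokens=10, messages=[])'''
```

Model names passed through a variable show up as `<dynamic>`, which is the case a reviewer has to resolve by hand because the value is not visible in the source.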