Skip to content

Commit 9bda467

Browse files
McPatateMcPatate
committed
feat: add third party scanners page
1 parent dec9f13 commit 9bda467

File tree

2 files changed

+26
-0
lines changed

2 files changed

+26
-0
lines changed

docs/hub/security.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,4 +20,5 @@ For any other security questions, please feel free to send us an email at securi
2020
- [Malware Scanning](./security-malware)
2121
- [Pickle Scanning](./security-pickle)
2222
- [Secrets Scanning](./security-secrets)
23+
- [3rd party scanners](./third-party-scanners)
2324
- [Resource Groups](./security-resource-groups)

docs/hub/third-party-scanners.md

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
# 3rd Party scanners
2+
3+
*Interested in joining our security partnership / providing scanning information on the Hub? Please get in touch with us over at [email protected].*
4+
5+
We partner with 3rd party scanning providers in order to make the Hub safer. The same way files are scanned by our internal scanning system, public repositories' files are scanned by the 3rd party scanners we integrate.
6+
7+
Our frontend has been redesigned specifically for this purpose, in order to accomodate for new scanners:
8+
9+
<img class="block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/token-leak-email-example.png"/>
10+
11+
Here is an example repository you can check out to see the feature in action: [mcpotato/42-eicar-street](https://huggingface.co/mcpotato/42-eicar-street).
12+
13+
## Model security refresher
14+
15+
To share models, we serialize the data structures we use to interact with the models, in order to facilitate storage and transport. Some serialization formats are vulnerable to nasty exploits, such as arbitrary code execution (looking at you pickle), making sharing models potentially dangerous.
16+
17+
As Hugging Face has become the de facto platform for model sharing, we’d like to protect the community from this, hence why we have developed tools like [picklescan](https://github.com/mmaitre314/picklescan) and why we integrate 3rd party scanners.
18+
19+
Pickle is not the only exploitable format out there, [see for reference](https://github.com/Azure/counterfit/wiki/Abusing-ML-model-file-formats-to-create-malware-on-AI-systems:-A-proof-of-concept) how one can exploit Keras Lambda layers to achieve arbitrary code execution.
20+
21+
## Protect AI's Guardian
22+
23+
[Protect AI](https://protectai.com/)'s [Guardian](https://protectai.com/guardian) catches both pickle and Keras exploits. Guardian also benefits from reports sent in by their community of bounty [Huntr](https://huntr.com/)s.
24+
25+
<!-- insert image of report -->

0 commit comments

Comments
 (0)