Skip to main content
Skip table of contents

Discovery of AI Frameworks

Note: This feature is a closed beta and requires a Mend AI entitlement for your organization.

Overview

This article aims to explain how to use AI Frameworks and also touches upon its current limitations.

Prerequisites

  • A Mend AI entitlement for your organization.

  • Mend AI discovers AI Frameworks automatically as part of an SCA CLI scan (mend ua / mend dep / mend sca), however it uses a separate scanner, which must be enabled for automatic AI discovery to take place as part of your SCA scans.

To run an SCA scan, please follow the steps in this article.

Getting it done

Mend AI-enabled organizations in the AppSec Platform are now equipped with default system labels for AI. These labels are essential to the experience of consuming AI Frameworks data provided by Mend AI.

image-20241129-074948.png

Figure A - System Labels for AI in the Main Dashboard of your Organization

The Steps

Step 1 - Check the relevant AI labels in your organization’s main Security Dashboard.

At this stage, the AppSec Platform will filter the Applications in the dashboard based on the selected labels.

Step 2 - Click the Applications widget.

image-20241129-074744.png

Figure B - Selected Labels to Display Apps/Projects Containing RAG and HuggingFace AI Frameworks

Step 3 - Click the Labels column on the application you wish to review

image-20241129-080353.png

Step 4 - You are now taken to the application’s Labels window, where all the AI Frameworks are listed

image-20241129-080634.png

Figure D - A List of AI Frameworks in the Application

How Does Mend AI Identify AI Frameworks?

Mend AI searches through the package inventory of your application/project to identify AI frameworks.
This is done in a few ways:

  1. Mend AI flags a specific package, e.g., OpenAI.

  2. Mend AI relies on a set of packages that tells a story about a specific framework.

  3. In more advanced cases, we have a set of AI frameworks that can tell a story about another important framework.
    In the case of RAG, in this example, we have a vector database, an embedding model and a generator model.

    image-20241129-082457.png

    Mend AI flags important AI packages, e.g., OpenAI

image-20241129-082658.png

Mend AI flags sentence transformers, which are related to an open-source embedding model


Limitations

  • Mend AI is currently supported in the Mend CLI using the mend ua, mend dep and mend sca commands.
    It is not currently supported in repository integrations.

  • No dedicated column/view for the evidence (Roadmap Item)

  • No organization-level statistics (Roadmap Item)

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close