Discovery of Third-Party AI Models and Providers
Note: This feature is in closed beta and requires a Mend AI entitlement for your organization.
Overview
This article explains the steps to take within the Mend AppSec Platform to benefit from Mend AI’s discovery of Third-Party AI Models and Providers in your project/application inventory.
Note: Mend AI’s Third-Party AI Models and Providers discovery works at the code level, not the artifact level (unlike earlier iterations of this offering).
Getting it done
Prerequisites
A Mend AI entitlement for your organization.
Mend AI discovers third-party AI models automatically as part of an SCA CLI scan (mend ua / mend dep / mend sca); however, it uses a separate scanner, which must be enabled for automatic AI discovery to take place as part of your SCA scans.
To run an SCA scan, please follow the steps in this article.
The Steps
Step 1 - Navigate to the application you wish to review under Applications.
Step 2 - Once in the desired application, select AI → AI Inventory from the left-pane menu.
This takes you to the AI Inventory table, which lists the Models along with related information such as the number of Projects in the application that use each model, the model Type, Service Provider, License, Origin and more.
Step 3 - Click a desired finding in the AI Inventory table. This will take you to its Finding Details window, where you can get an overview of the finding:
The Overview tab will, among other things:
A. List the Project(s) in which the finding was detected.
B. Provide a Description of the finding.
C. Show you the relevant Lines in the code.
D. Allow you to review the source code in GitHub, by clicking “Show full source code on GitHub”.
Limitations
Mend AI is currently supported in the Mend CLI using the mend ua, mend dep and mend sca commands.
It is not currently supported in repository integrations.