Skip to main content
Skip table of contents

View your AI Components and Models Reports

Overview

The AI Components and AI Models reports allow you to view all AI models integrated with your applications.

After initiating a scan with the Mend CLI, you can review the findings within your organization in the Mend Platform.

Getting it done

Prerequisites

  • A Mend AI entitlement for your organization.

  • Mend AI discovers AI frameworks and third-party AI models and providers automatically as part of an SCA CLI scan (mend ua / mend dep / mend sca), however it uses a separate scanner, which must be enabled for automatic AI discovery to take place as part of your SCA scans.

To run an SCA scan, please follow the steps in this article.

Preparing your Report

You can access the AI Components and AI Models reports on two levels within the Mend Platform:

  1. Application level.

  2. Project level.

To access the AI Components or AI Models reports, simply navigate through the Applications or Projects view in the Mend AppSec Platform and select the desired application or project.

AI Components

In the selected Application/Project, click ‘AI Components’ on the left-pane menu:

image-20250529-062223.png

AI Models

In the selected Application/Project, click ‘AI Models’ on the left-pane menu:

The AI Models report displays all the LLM components found in your application/project inventory.

image-20250529-062609.png

The following information is displayed for each model:

  • Model: The name and version of the model library found in your application code.

  • Project: In the context of an application, displays the number of projects containing the AI model.

  • Category: Indicates whether the AI model is provided as a inference provider (AI Service) or runs locally (Self-Hosted).

  • Provider: If the model is not self-hosted, this refers to the external company that provides inference services and API access for the AI model.

  • Model Author: Entity author, i.e., the company who developed the model (e.g., OpenAI, Antrophic, etc.).

  • Origin Type: The detection mechanism used to identify the component. Possible values: code - component was detected through source code scanning, artifacts - component was detected in AI artifacts during static or dynamic analysis.

  • Origin: The location or path where the component was discovered, indicating its source in the system or project.

  • Type: The AI-model type (e.g., Open-source, Service).

  • Hugging-Face Risk Factor: Identified risks associated with Hugging Face AI models based on Hugging Face advisory:
    ✅ No Findings – No known vulnerabilities.
    🟢 False Positive – Reported by Hugging Face, but tested safe by Mend.
    🔴 Confirmed Unsafe – Verified by Mend vulnerability researchers.
    🟠 Unconfirmed Unsafe – Reported by Hugging Face, not yet validated.

  • Model License: Specifies the model's licensing type. If open-source, it includes details about the license (e.g., MIT, Apache). Not applicable for proprietary or closed-source models.

  • Homepage: A reference URL to the library’s or LLM's homepage.

  • Provider ToS: The provider’s terms of service, if applicable.

Exporting your Report

AI Components

You can export the AI Components table to .CSV by clicking the Export to CSV button located at the far right:

image-20250529-063733.png

AI Models

  1. Click Export to CSV to export the AI Models data to .CSV

  2. Click Create Report to generate a report capturing the data in the AI Models table.

Both buttons are located at the right edge of the screen just above the table itself.

image-20250529-063901.png

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.