poojakira/LLM-Guard-Scanner

GitHub: poojakira/LLM-Guard-Scanner

Stars: 1 | Forks: 0

# LLM-Guard-Scanner

**TL;DR**: ML Security Engineer Portfolio Component - LLM-Guard-Scanner

**Demo**: `make smoke`

**Evidence**: `sarif_output.json`

This repository has undergone a comprehensive security audit and remediation by the Manus Security Audit Agent.

## Key Security Enhancements

- **Remote Code Execution (RCE) Prevention:** Hardened against subprocess calls, secured with , and resolved GitHub Actions script injection vulnerabilities.
- **Network & API Hardening:** Eliminated wildcard CORS configurations, fixed bind-all-interfaces () defaults, and added URL scheme validation to prevent exploits.
- **Supply Chain Security:** Addressed HuggingFace revision pinning risks and ensured artifact integrity.
- **ML Engineering Best Practices:** Enforced PyTorch in DataLoaders and applied read-only filesystems to Docker services.
- **Logging:** Replaced statements with structured logging for better observability and security monitoring.

These changes reflect a commitment to robust ML security engineering practices, aligning with 2026 industry standards for Lead ML Security Engineers. For a detailed report of all findings and remediations, please refer to the main audit report.

## Threat Model

- **Assets**: ML Models, Training Data
- **Adversaries**: Script kiddies, AI-automated attackers
- **Mitigations**: Hardened CI/CD, Input Validation, SARIF Auditing