poojakira/Model-Supply-Chain-Auditor

GitHub: poojakira/Model-Supply-Chain-Auditor

Stars: 0 | Forks: 0

# Model-Supply-Chain-Auditor

[![CI](https://static.pigsec.cn/wp-content/uploads/repos/2026/06/30f0d339d7165234.svg)](https://github.com/poojakira/Model-Supply-Chain-Auditor/actions/workflows/ci.yml) ![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg) ![License: MIT](https://img.shields.io/badge/License-MIT-green.svg) ![Security: Hardened](https://img.shields.io/badge/Security-Hardened-green.svg)

**ML Supply Chain Provenance & Security Auditor.** A specialized tool for verifying the integrity and safety of ML model artifacts (`.safetensors`, `.pt`, `.pkl`, `.ckpt`) before they enter your production environment.

## 🚀 Key Features

## 💻 CLI Examples

### 1. Basic Scanning

```bash
# Scan a SafeTensors model (Recommended)
python scan.py model.safetensors

# Scan a legacy PyTorch/Pickle model (Requires opt-in)
python scan.py model.pt --allow-pickle
```

### 2. Signing & Provenance

```bash
# Generate a keypair
python -c "from src.provenance.signer import generate_keys; generate_keys('my_model')"

# Sign a model artifact
python scan.py model.safetensors --sign my_model.pem

# Verify a model signature
python scan.py model.safetensors --verify my_model.pub
```

### 3. Policy-Based Audit

```bash
# Run scan against a specific security policy
python scan.py model.pt --policy policy.yaml
```

## 🔗 CI/CD Integration

Integrate Model-Supply-Chain-Auditor into your GitHub Actions to block insecure models at the gate:

```yaml
jobs:
  model-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Audit ML Models
        run: |
          pip install -r requirements.txt
          # Fail build if model is malicious or fails signature verification
          python scan.py models/deploy.safetensors --verify keys/prod_pub.pem
      - name: Upload Scan Results
        if: always()
        run: python scan.py models/deploy.safetensors --format sarif --output results.sarif
```

## 🛡️ Detection Coverage

| Threat | Strategy | Status |
| --- | --- | --- |
| **Pickle RCE** | Static Opcode Analysis | ✅ Detected |
| **Signature Fraud** | Ed25519 Verification | ✅ Prevented |
| **Metadata Injection** | Regex/Pattern Matching | ✅ Detected |
| **Archive Evasion** | Recursive ZIP extraction | ✅ Scanned |

## 📜 Documentation

- [SECURITY.md](./SECURITY.md) - Disclosure policy and security scope.
- [THREAT_MODEL.md](./THREAT_MODEL.md) - Assets, adversaries, and mitigations.

**Status**: Flagship Tool. Essential for SEC-624 compliance and secure ML supply chains.
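The two detection rows above, "Static Opcode Analysis" for pickle payloads and "Recursive ZIP extraction" for archive evasion, are worth seeing in working code. The block below is an added illustration written for this page; it is not the project's `scan.py`, and its allowlist of benign globals, the `_UsesReduce` sample class, and the in-memory nested archive are all constructed for the example. The key point it demonstrates is that a scanner walks the opcode stream with `pickletools.genops` and never calls `pickle.loads`, so nothing in the file executes while it is being judged; `.pt` and `.ckpt` files are ZIP containers whose `data.pkl` member is the actual pickle, which is why the scanner recurses into archives (with a depth cap) before applying the opcode check.

```python
from __future__ import annotations

import io
import json
import pickle
import pickletools
import zipfile
from dataclasses import dataclass

# Globals a benign checkpoint may legitimately import. Assumed allowlist for
# illustration only; a real tool tunes this per framework and version.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
    ("torch", "LongStorage"),
    ("numpy.core.multiarray", "_reconstruct"),
    ("numpy", "ndarray"),
    ("numpy", "dtype"),
}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
IMPORT_OPS = {"GLOBAL", "INST", "STACK_GLOBAL"}          # pull a callable into the VM
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}  # invoke it
PICKLE_SUFFIXES = (".pkl", ".pickle", ".pt", ".pth", ".ckpt", ".bin")


@dataclass(frozen=True)
class Finding:
    location: str   # member path inside an archive, or "<root>"
    offset: int     # byte offset of the opcode within the pickle stream
    opcode: str
    detail: str


def scan_pickle_bytes(data: bytes, location: str = "<root>") -> list[Finding]:
    """Static opcode walk; the stream is parsed but never deserialised."""
    try:
        ops = list(pickletools.genops(data))
    except (ValueError, EOFError) as exc:  # truncated or not a pickle at all
        return [Finding(location, 0, "PARSE", f"unparseable pickle stream: {exc}")]
    findings: list[Finding] = []
    strings: list[str] = []          # string constants seen so far, feed STACK_GLOBAL
    last_import: tuple[str, str] | None = None
    for op, arg, pos in ops:
        name = op.name
        if name in STRING_OPS:
            strings.append(str(arg))
        elif name in IMPORT_OPS:
            if name == "STACK_GLOBAL":   # module and name come from the two preceding strings
                module, qualname = (strings[-2], strings[-1]) if len(strings) >= 2 else ("?", "?")
            else:                        # GLOBAL / INST carry "module name" inline
                module, _, qualname = str(arg).partition(" ")
            last_import = (module, qualname)
            if last_import not in ALLOWED_GLOBALS:
                findings.append(Finding(location, pos, name,
                                        f"imports {module}.{qualname}, not on allowlist"))
        if name in CALL_OPS and last_import is not None and last_import not in ALLOWED_GLOBALS:
            findings.append(Finding(location, pos, name,
                                    f"invokes {'.'.join(last_import)} during load"))
    return findings


def scan_artifact_bytes(data: bytes, location: str = "<root>",
                        depth: int = 0, max_depth: int = 3) -> list[Finding]:
    """Recurse into ZIP containers (PyTorch .pt/.ckpt wrap data.pkl), then scan pickles."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= max_depth:
            return [Finding(location, 0, "ARCHIVE", f"nested deeper than {max_depth}, not descending")]
        findings: list[Finding] = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    findings += scan_artifact_bytes(zf.read(info), f"{location}/{info.filename}",
                                                    depth + 1, max_depth)
        return findings
    if location == "<root>" or location.endswith(PICKLE_SUFFIXES):
        return scan_pickle_bytes(data, location)
    return []   # raw tensor blobs inside the archive are not pickle streams


def is_clean(data: bytes) -> bool:
    return not scan_artifact_bytes(data)


# ---- constructed samples (not real model files) ----
class _UsesReduce:
    """Any object can route its own unpickling through an arbitrary callable via __reduce__."""
    def __reduce__(self):
        return (json.dumps, (None,))   # harmless stand-in for a callable the loader would run


SAFE_SAMPLE = pickle.dumps({"layer.weight": [0.1, -0.2], "step": 3}, protocol=4)
SUSPECT_PROTO4 = pickle.dumps(_UsesReduce(), protocol=4)   # STACK_GLOBAL + REDUCE
SUSPECT_PROTO0 = b"cjson\ndumps\nN\x85R."                  # hand-assembled GLOBAL + REDUCE


def build_nested_archive() -> bytes:
    """A zip inside a zip, the inner one laid out like a .pt file (archive/data.pkl + blob)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("archive/data.pkl", SUSPECT_PROTO4)
        zf.writestr("archive/data/0", b"\x00" * 8)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for label, blob in [("safe", SAFE_SAMPLE), ("nested", build_nested_archive())]:
        print(label, "clean" if is_clean(blob) else "FLAGGED")
        for f in scan_artifact_bytes(blob):
            print("  ", f.location, f.offset, f.opcode, f.detail)
```

The allowlist approach is deliberate: a denylist of known-bad modules is bypassed by the next module nobody listed, whereas a checkpoint format has a small, stable set of globals it needs, so anything outside that set is a finding regardless of what it names. The STACK_GLOBAL handling is an approximation (it takes the two most recent string constants rather than simulating the full VM stack), which is sufficient to flag but not to prove what a stream does; a scanner that needs exact resolution has to model the stack and memo.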
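The `--sign` / `--verify` flow in CLI example 2 and the "Ed25519 Verification" row in the table both rest on one mechanism: a detached Ed25519 signature over a manifest that pins the artifact's SHA-256 digest, so that a verifier with only the trusted public key can tell a byte-for-byte identical file from a tampered or substituted one. The block below is an added example of that mechanism using the `cryptography` package; it is not the project's `src.provenance.signer`, and the manifest fields, the `.pem`/`.pub` PEM encodings and the `WEIGHTS` byte string are assumptions made for the example.

```python
import base64
import hashlib
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ed25519


def generate_keys() -> tuple[bytes, bytes]:
    """Return (private_pem, public_pem); the private PEM is what --sign would consume."""
    priv = ed25519.Ed25519PrivateKey.generate()
    priv_pem = priv.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),   # assumption: key protection is handled by the CI secret store
    )
    pub_pem = priv.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return priv_pem, pub_pem


def _manifest(name: str, data: bytes) -> dict:
    # Assumed manifest layout: everything the verifier must bind the signature to.
    return {"artifact": name, "sha256": hashlib.sha256(data).hexdigest(),
            "size": len(data), "alg": "ed25519"}


def _canonical(manifest: dict) -> bytes:
    # Canonical JSON so signer and verifier hash identical bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_artifact(name: str, data: bytes, priv_pem: bytes) -> dict:
    """Produce a detached signature bundle for an artifact."""
    priv = serialization.load_pem_private_key(priv_pem, password=None)
    manifest = _manifest(name, data)
    signature = priv.sign(_canonical(manifest))          # 64-byte Ed25519 signature
    return {"manifest": manifest, "signature": base64.b64encode(signature).decode()}


def verify_artifact(name: str, data: bytes, pub_pem: bytes, bundle: dict) -> tuple[bool, str]:
    """Check authenticity (signature under the trusted key) and binding (manifest matches file)."""
    manifest = bundle.get("manifest", {})
    pub = serialization.load_pem_public_key(pub_pem)
    try:
        pub.verify(base64.b64decode(bundle["signature"]), _canonical(manifest))
    except (InvalidSignature, KeyError, ValueError):
        return False, "signature invalid for the trusted public key"
    # A valid signature only proves the key signed *some* manifest; now pin it to this file.
    if manifest != _manifest(name, data):
        return False, "manifest digest/size/name does not match this artifact"
    return True, "ok"


# Constructed stand-in for model bytes; a real caller reads the .safetensors file.
WEIGHTS = b"constructed stand-in for model weights"

if __name__ == "__main__":
    priv_pem, pub_pem = generate_keys()
    bundle = sign_artifact("model.safetensors", WEIGHTS, priv_pem)
    print(verify_artifact("model.safetensors", WEIGHTS, pub_pem, bundle))
    print(verify_artifact("model.safetensors", WEIGHTS + b"\x00", pub_pem, bundle))
```

Two checks, not one: the signature proves which key vouched for the manifest, and the digest comparison proves the manifest describes the bytes actually on disk. Dropping the second check is the "signature fraud" case the table refers to, where a genuine signature is replayed next to a different file. In the workflow above, `--verify keys/prod_pub.pem` only stops a substituted model if that public key is itself pinned in the repository or a trusted secret store rather than fetched alongside the model.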