Veritensor: an open-source tool for scanning AI models for malware and licensing issues
Veritensor is a newly released open-source zero-trust security platform designed to scan AI models in the AI supply chain for malware and license-compliance problems. It uses deep abstract syntax tree (AST) analysis and cryptographic signing to ensure that only verified and compliant models reach production.
Veritensor is the Zero-Trust security platform for the AI Supply Chain. We replace naive scanning with deep AST analysis and cryptographic signing. From CI/CD to Kubernetes runtime, Aegis ensures only verified, safe, and compliant models ever reach production. Stop guessing, start proving.
ArseniiBrazhnyk/Veritensor
🛡️ Veritensor: AI Supply Chain Security
Veritensor is the Zero-Trust security platform for the AI Supply Chain. We replace naive scanning with deep AST analysis and cryptographic verification.
Unlike standard antiviruses, Veritensor understands AI formats (Pickle, PyTorch, Keras, GGUF) and ensures that your models:
🚀 Features
📦 Installation
Via PyPI (Recommended for local use)
Lightweight installation (no heavy ML libraries required).
Via Docker (Recommended for CI/CD)
⚡ Quick Start
1. Scan a local model
Check a file or directory for malware:
Example Output:
2. Verify against Hugging Face
Ensure the file on your disk matches the official version from the registry (detects tampering):
3. License Compliance Check
Veritensor automatically reads metadata from safetensors and GGUF files.
If a model has a Non-Commercial license (e.g., cc-by-nc-4.0), it will raise a HIGH severity alert.
To override this (Break-glass mode), use:
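The license check above depends on reading the model's own metadata. The following is an added example (not Veritensor's code) showing how the `__metadata__` block of a safetensors file is read without loading any tensor data, and how a non-commercial license identifier such as `cc-by-nc-4.0` is turned into a HIGH-severity finding with an opt-in override. The severity values, the `allow_non_commercial` parameter and the sample blob are this example's own assumptions; GGUF metadata, which the page also mentions, is not covered here.

```python
import json
import struct

# Identifiers (lower-cased) that mark a license as non-commercial. The token list is an
# assumption of this example; cc-by-nc-* variants split on '-' and yield the token "nc".
NON_COMMERCIAL_TOKENS = {"nc", "noncommercial", "non-commercial"}


def build_safetensors(metadata: dict, tensors: dict) -> bytes:
    """Serialize a constructed safetensors blob: 8-byte little-endian header length,
    JSON header (tensor index plus __metadata__), then raw tensor bytes."""
    header = {"__metadata__": metadata}
    data = b""
    for name, raw in tensors.items():
        header[name] = {
            "dtype": "F32",
            "shape": [len(raw) // 4],
            "data_offsets": [len(data), len(data) + len(raw)],
        }
        data += raw
    header_bytes = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(header_bytes)) + header_bytes + data


def read_safetensors_metadata(blob: bytes) -> dict:
    """Return the __metadata__ dict from a safetensors blob, reading only the header.
    The declared header length is bounds-checked so a hostile file cannot make us
    read past the end of the input or allocate an enormous JSON buffer."""
    if len(blob) < 8:
        raise ValueError("too short to be a safetensors file")
    (header_len,) = struct.unpack("<Q", blob[:8])
    if header_len > len(blob) - 8:
        raise ValueError("declared header length exceeds file size")
    header = json.loads(blob[8 : 8 + header_len])
    metadata = header.get("__metadata__") or {}
    if not isinstance(metadata, dict):
        raise ValueError("__metadata__ must be a JSON object")
    return metadata


def check_license(metadata: dict, allow_non_commercial: bool = False):
    """Return a finding dict for a non-commercial license, or None if nothing to report.
    allow_non_commercial models the page's break-glass override: the finding is kept
    but downgraded to INFO so the decision stays visible in reports."""
    license_id = str(metadata.get("license", "")).strip().lower()
    if not license_id:
        return None  # absent license metadata is not a non-commercial finding
    tokens = set(license_id.replace("_", "-").split("-"))
    if tokens & NON_COMMERCIAL_TOKENS or "noncommercial" in license_id:
        return {
            "id": "LIC-NON-COMMERCIAL",
            "severity": "INFO" if allow_non_commercial else "HIGH",
            "license": license_id,
            "message": f"model declares non-commercial license '{license_id}'",
        }
    return None


if __name__ == "__main__":
    # Constructed sample: one 2-element float32 tensor and a non-commercial license tag.
    sample = build_safetensors({"license": "cc-by-nc-4.0"}, {"w": b"\x00" * 8})
    print(check_license(read_safetensors_metadata(sample)))
```

Reading only the header keeps the check cheap on multi-gigabyte checkpoints, and the bounds check on the declared header length is the part worth keeping in any parser of this format.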
📊 Reporting & Compliance
Veritensor supports industry-standard formats for integration with security dashboards and audit tools.
1. GitHub Security (SARIF)
Generate a report compatible with GitHub Code Scanning:
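As an added example (not Veritensor's own reporting code), the function below serializes a list of scan findings into a SARIF 2.1.0 log of the shape GitHub Code Scanning ingests: one run, one rule per distinct finding id, one result per finding, with artifact paths relative to the repository root via `%SRCROOT%`. The finding dict layout, the severity-to-level mapping and the sample findings are this example's assumptions.

```python
import json

# Severity-to-level mapping (assumption of this example). SARIF only has error/warning/note.
LEVEL_BY_SEVERITY = {
    "CRITICAL": "error",
    "HIGH": "error",
    "MEDIUM": "warning",
    "LOW": "note",
    "INFO": "note",
}

# Constructed sample findings; the ids, titles and paths are hypothetical.
SAMPLE_FINDINGS = [
    {"id": "PKL-003", "severity": "CRITICAL", "title": "Pickle references builtins.eval",
     "message": "GLOBAL reference to builtins.eval at offset 12", "path": "models/classifier.pkl"},
    {"id": "LIC-001", "severity": "HIGH", "title": "Non-commercial license",
     "message": "model declares license cc-by-nc-4.0", "path": "models/llm.safetensors"},
    {"id": "PKL-003", "severity": "CRITICAL", "title": "Pickle references builtins.eval",
     "message": "GLOBAL reference to builtins.eval at offset 40", "path": "models/tokenizer.pkl"},
]


def to_sarif(findings, tool_name="veritensor", tool_version="0.0.0-example"):
    """Build a SARIF 2.1.0 document as a plain dict (json.dumps-ready)."""
    rules, rule_index, results = [], {}, []
    for f in findings:
        level = LEVEL_BY_SEVERITY.get(f["severity"], "warning")
        if f["id"] not in rule_index:
            rule_index[f["id"]] = len(rules)
            rules.append({
                "id": f["id"],
                "shortDescription": {"text": f["title"]},
                "defaultConfiguration": {"level": level},
            })
        results.append({
            "ruleId": f["id"],
            "ruleIndex": rule_index[f["id"]],
            "level": level,
            "message": {"text": f["message"]},
            "locations": [{
                "physicalLocation": {
                    "artifactLocation": {"uri": f["path"], "uriBaseId": "%SRCROOT%"}
                }
            }],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version, "rules": rules}},
            "results": results,
        }],
    }


def write_sarif(path, findings):
    """Write the SARIF log to disk; returns the number of results written."""
    doc = to_sarif(findings)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(doc, fh, indent=2)
    return len(doc["runs"][0]["results"])


if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE_FINDINGS), indent=2))
```

Keeping `ruleIndex` and `defaultConfiguration` consistent with the `rules` array is what lets the GitHub UI group repeated hits of the same rule across files.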
2. Software Bill of Materials (SBOM)
Generate a CycloneDX v1.5 SBOM to inventory your AI assets:
3. Raw JSON
For custom parsers and SOAR automation:
🔐 Supply Chain Security (Container Signing)
Veritensor integrates with Sigstore Cosign to cryptographically sign your Docker images only if they pass the security scan.
1. Generate Keys
Generate a key pair for signing:
2. Scan & Sign
Pass the --image flag and the path to your private key (via env var).
3. Verify (In Kubernetes / Production)
Before deploying, verify the signature to ensure the model was scanned:
🛠️ Integrations
GitHub Actions
Add this to your .github/workflows/security.yml to block malicious models in Pull Requests:
Pre-commit Hook
Prevent committing malicious models to your repository. Add this to .pre-commit-config.yaml:
📂 Supported Formats
⚙️ Configuration
You can customize security policies by creating a veritensor.yaml file in your project root.
Pro Tip: You can use the regex: prefix for flexible matching.
🧠 Threat Intelligence (Signatures)
Veritensor uses a decoupled signature database (signatures.yaml) to detect malicious patterns. This ensures that detection logic is separated from the core engine.
📜 License
This project is licensed under the Apache 2.0 License - see the LICENSE file for details.