git.stella-ops.org/docs/features/unchecked/scanner/ai-ml-supply-chain-security-analysis-module.md

AI/ML Supply Chain Security Analysis Module

Module: Scanner

Status: IMPLEMENTED

Description

Dedicated scanner module for AI/ML supply chain security, covering EU AI Act risk classification, model card completeness analysis, training data provenance verification, bias/fairness analysis, and AI governance policy enforcement. It is distinct from the existing "AI Authority Classification Engine", which classifies VEX/advisory content produced by AI and does not perform ML-BOM supply chain scanning.

Implementation Details

  • Core Analyzer:
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/AiMlSecurityAnalyzer.cs - IAiMlSecurityAnalyzer / AiMlSecurityAnalyzer orchestrates all AI/ML security checks
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/AiMlSecurityServiceCollectionExtensions.cs - DI registration
  • Analysis Context & Results:
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Analyzers/AiMlSecurityContext.cs - AiMlSecurityContext input model
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Analyzers/AiMlSecurityResult.cs - AiMlSecurityResult, IAiMlSecurityCheck interface for pluggable checks
  • Individual Analyzers (each implements IAiMlSecurityCheck):
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Analyzers/AiSafetyRiskAnalyzer.cs - EU AI Act risk classification
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Analyzers/ModelCardCompletenessAnalyzer.cs - Model card completeness scoring
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Analyzers/ModelCardScoring.cs - Scoring logic for model card fields
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Analyzers/TrainingDataProvenanceAnalyzer.cs - Training data lineage verification
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Analyzers/BiasFairnessAnalyzer.cs - Bias and fairness analysis
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Analyzers/ModelBinaryAnalyzer.cs - Model binary format analysis
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Analyzers/ModelProvenanceVerifier.cs - Model provenance verification
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Analyzers/AiModelInventoryGenerator.cs - Generates inventory of discovered AI/ML models
  • Governance Policy:
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Policy/AiGovernancePolicyLoader.cs - Policy configuration loader
    • src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Policy/AiGovernancePolicy.cs - Policy model
  • Reporting: src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Reporting/AiMlSecurityReportFormatter.cs
  • Models: src/Scanner/__Libraries/StellaOps.Scanner.AiMlSecurity/Models/AiMlSecurityModels.cs
  • Worker Stage: src/Scanner/StellaOps.Scanner.Worker/Processing/AiMlSecurity/AiMlSecurityStageExecutor.cs

E2E Test Plan

  • Scan a container image containing ML model artifacts (e.g., ONNX, TensorFlow SavedModel, PyTorch)
  • Verify AiModelInventoryGenerator discovers and lists all ML models in the scan results
  • Verify ModelCardCompletenessAnalyzer produces findings for models with missing/incomplete model cards
  • Verify AiSafetyRiskAnalyzer assigns EU AI Act risk classification (unacceptable, high, limited, minimal)
  • Verify TrainingDataProvenanceAnalyzer flags models without verifiable training data lineage
  • Verify BiasFairnessAnalyzer produces bias/fairness findings where applicable
  • Verify ModelBinaryAnalyzer identifies model format and potential binary-level issues
  • Verify all findings appear in the unified scan report and SARIF export
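The pluggable-check design under Implementation Details (one IAiMlSecurityCheck per analyzer, orchestrated by AiMlSecurityAnalyzer over an AiMlSecurityContext into an AiMlSecurityResult) and the E2E steps that expect the inventory generator and ModelBinaryAnalyzer to list discovered models and identify their formats are shown together below as an added example. This is illustrative code written for this page, not the StellaOps.Scanner.AiMlSecurity source: the member shapes of the interface, context and result types, the Run method, the AiMlFinding record, the rule ids AIML-BIN-001/002 and the sample file headers are all assumptions or constructed values. It goes slightly beyond the page by flagging pickle-based formats (plain pickle files and the zip container that torch.save writes), whose loaders execute code embedded in the file, which is the kind of binary-level issue a format check would surface.

```csharp
using System;
using System.Buffers.Binary;
using System.Collections.Generic;
using System.Linq;
using System.Text;

// Finding produced by a check; field names are assumed for this example.
public sealed record AiMlFinding(string RuleId, string Severity, string Path, string Message);

// Assumed shape of the context: artifact path -> leading bytes read by the scanner.
public sealed class AiMlSecurityContext
{
    public IReadOnlyDictionary<string, byte[]> ArtifactHeaders { get; }
    public AiMlSecurityContext(IReadOnlyDictionary<string, byte[]> artifactHeaders)
        => ArtifactHeaders = artifactHeaders;
}

// Assumed shape of the result: model inventory plus findings, appended to by every check.
public sealed class AiMlSecurityResult
{
    public List<string> Inventory { get; } = new();
    public List<AiMlFinding> Findings { get; } = new();
}

// Assumed shape of the pluggable-check interface that each analyzer implements.
public interface IAiMlSecurityCheck
{
    string Name { get; }
    void Run(AiMlSecurityContext context, AiMlSecurityResult result);
}

// One concrete check: identify the serialization format from magic bytes, record the
// model in the inventory, and flag formats whose loaders execute embedded code.
public sealed class ModelBinaryFormatCheck : IAiMlSecurityCheck
{
    public string Name => "model-binary-format";

    public static string Identify(string path, byte[] head)
    {
        // GGUF: ASCII "GGUF" followed by a little-endian version number.
        if (head.Length >= 4 && Encoding.ASCII.GetString(head, 0, 4) == "GGUF")
            return "gguf";
        // safetensors: u64 little-endian header length, then a JSON object starting with '{'.
        if (head.Length >= 9 && head[8] == (byte)'{'
            && BinaryPrimitives.ReadUInt64LittleEndian(head) < 64UL * 1024 * 1024)
            return "safetensors";
        // Pickle protocol 2..5: PROTO opcode 0x80 followed by the protocol number.
        if (head.Length >= 2 && head[0] == 0x80 && head[1] >= 2 && head[1] <= 5)
            return "pickle";
        // torch.save output is a zip archive (PK\x03\x04) whose data.pkl entry is a pickle.
        if (head.Length >= 4 && head[0] == 0x50 && head[1] == 0x4B && head[2] == 0x03 && head[3] == 0x04
            && (path.EndsWith(".pt") || path.EndsWith(".pth") || path.EndsWith(".bin")))
            return "pytorch-zip";
        // Protobuf-encoded ONNX / TensorFlow SavedModel: heuristic on extension plus the first
        // varint tag 0x08 (field 1: ir_version / saved_model_schema_version).
        if (head.Length >= 1 && head[0] == 0x08)
        {
            if (path.EndsWith(".onnx")) return "onnx";
            if (path.EndsWith("saved_model.pb")) return "tf-savedmodel";
        }
        return "unknown";
    }

    public void Run(AiMlSecurityContext context, AiMlSecurityResult result)
    {
        foreach (var kv in context.ArtifactHeaders)
        {
            var format = Identify(kv.Key, kv.Value);
            result.Inventory.Add($"{kv.Key} ({format})");
            if (format is "pickle" or "pytorch-zip")
                result.Findings.Add(new AiMlFinding("AIML-BIN-001", "High", kv.Key, // placeholder rule id
                    $"{format}: loading runs pickle deserialization, which executes code embedded in the file; require attested provenance or a safetensors conversion"));
            else if (format == "unknown")
                result.Findings.Add(new AiMlFinding("AIML-BIN-002", "Medium", kv.Key, // placeholder rule id
                    "unrecognized model format; the loader that will read it cannot be vetted"));
        }
    }
}

// Orchestrator: runs every registered check in order so the result is deterministic.
public sealed class AiMlSecurityAnalyzer
{
    private readonly IReadOnlyList<IAiMlSecurityCheck> _checks;
    public AiMlSecurityAnalyzer(IEnumerable<IAiMlSecurityCheck> checks) => _checks = checks.ToList();

    public AiMlSecurityResult Analyze(AiMlSecurityContext context)
    {
        var result = new AiMlSecurityResult();
        foreach (var check in _checks) check.Run(context, result);
        return result;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample headers (the first bytes a scanner would read); not real artifacts.
        var headers = new Dictionary<string, byte[]>
        {
            ["models/encoder.safetensors"] = new byte[] { 0x5A, 0, 0, 0, 0, 0, 0, 0, (byte)'{', (byte)'"' },
            ["models/clf.pkl"]             = new byte[] { 0x80, 0x04, 0x95, 0x10, 0, 0, 0, 0, 0, 0 },
            ["models/net.pt"]              = new byte[] { 0x50, 0x4B, 0x03, 0x04, 0x14, 0x00 },
            ["models/vision.onnx"]         = new byte[] { 0x08, 0x07, 0x12, 0x0A },
            ["models/llm.gguf"]            = new byte[] { (byte)'G', (byte)'G', (byte)'U', (byte)'F', 0x03, 0, 0, 0 },
        };
        var analyzer = new AiMlSecurityAnalyzer(new IAiMlSecurityCheck[] { new ModelBinaryFormatCheck() });
        var result = analyzer.Analyze(new AiMlSecurityContext(headers));
        foreach (var m in result.Inventory) Console.WriteLine("model: " + m);
        foreach (var f in result.Findings) Console.WriteLine($"{f.Severity} {f.RuleId} {f.Path}: {f.Message}");
    }
}
```

With the constructed headers the inventory lists all five artifacts with their formats, and the two pickle-backed files (clf.pkl and net.pt) receive the High finding while the rest produce none. Adding a second check (for example a model card completeness scorer) means implementing IAiMlSecurityCheck and passing it to the analyzer; the orchestrator and result model do not change, which is the property the E2E plan relies on when it expects every analyzer's findings to land in one unified report.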