GitHub Repository

model-due-diligence is not a model safety verifier. It is a static evidence-gathering control for AI model supply-chain review. It supports provenance, artefact integrity, unsafe serialisation detection, secret exposure checks, suspicious code review, dependency risk detection, and audit reporting before first model execution.

1 star · Python

Model Due Diligence

by djhope99·Jun 13, 2026·3 points·0 comments

AI Analysis

Solid · Big Brain · Niche Gem

Aggregates ModelScan, Semgrep, and Bandit for AI model supply-chain review.

Strengths
  • Checks pickle, safetensors, and GGUF formats for unsafe serialization.
  • Detects exposed secrets and suspicious AST patterns like eval and exec.
  • Produces deterministic JSON reports suitable for CI/CD automation pipelines.
Weaknesses
  • Zero stars and forks suggest very early adoption; untested in production.
  • ModelScan already handles unsafe serialization detection independently.
Category
Target Audience

ML engineers and security teams deploying AI models

Similar To

ModelScan · Semgrep · pip-audit

Post Description

model-due-diligence is a Python command-line tool for performing static evidence-gathering control for AI model supply-chain review. It supports provenance, artefact integrity, unsafe serialisation detection, secret exposure checks, suspicious code review, dependency risk detection, and audit reporting before first model execution.

Similar Projects

Security · Banger

A security scanner for AI Agent Skills

Docker sandbox execution catches runtime threats static analysis alone misses.

Big Brain · Bold Bet
mayziem
502mo ago
Security · Solid

LLM AuthZ Audit – find auth gaps and prompt injection in LLM apps

Purpose-built LLM security linter covers OWASP Top 10, but static analysis has inherent blind spots.

Big Brain · Solve My Problem
iamspathan
104mo ago