Scan Your ML Models
The jf malicious-scan command lets Data Scientists and ML Engineers run on-demand security scans of machine learning models stored on their local file system. As AI adoption accelerates, this tool provides visibility into whether model binaries (such as Pickle or H5 files) contain malicious code capable of Remote Code Execution (RCE) or other security threats.
By scanning models before they are loaded into memory, you can check the integrity of both first-party and downloaded models and reduce the risk of compromising development environments. This matters because several of these formats (Pickle above all) execute code as a side effect of deserialization: a model file does not have to be run, only opened, to compromise the host.
- This feature is currently in Beta and is available for users with a JFrog Advanced Security (JAS) license.
- The scanner checks for malicious payloads and risky code execution logic (e.g., Lambda injections, reverse shells) triggered upon model loading.
- On-demand scan results are for local visibility and are not currently persisted in the JFrog Platform UI.
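The following is an added example, not JFrog's code and not the logic of the JAS scanner. It shows why a Pickle-based model has to be inspected before it is loaded: the file is a small program for a stack machine, pickle.load runs it, and the GLOBAL/STACK_GLOBAL plus REDUCE opcodes let it import and call any callable (the `__reduce__` payload below calls os.system on load). The check then walks the opcode stream with pickletools.genops, which parses without executing, and reports every imported callable that is not on a small allowlist. The sample model files, the allowlist of "normal" model callables and the filename extensions scanned are all constructed assumptions for the illustration.

```python
"""Added example (not JFrog's code): inspect a pickle-based model file for
load-time code execution without loading it.

Walks the pickle opcode stream with pickletools.genops (parse only, never
execute) and reports every imported callable that is not on an allowlist.
The allowlist and the heuristic are illustrative, not the JAS scanner's logic.
"""
import os
import pickle
import pickletools
import tempfile
from pathlib import Path

# Constructed sample: a benign model artefact (plain weights, no callables).
BENIGN_MODEL = {"layer1": [0.1, 0.2, 0.3], "bias": 0.5}


class MaliciousWeights:
    """Looks like a weights object but, when unpickled, calls os.system(command)."""

    def __init__(self, command: str) -> None:
        self.command = command

    def __reduce__(self):
        # Serialised as: import os.system, then REDUCE (call) it with `command`.
        return (os.system, (self.command,))


def build_malicious_pickle(command: str = "echo pwned",
                           protocol: int = pickle.DEFAULT_PROTOCOL) -> bytes:
    """Constructed trojan model. Protocol <= 3 emits GLOBAL, >= 4 STACK_GLOBAL."""
    return pickle.dumps(MaliciousWeights(command), protocol=protocol)


def build_benign_pickle() -> bytes:
    return pickle.dumps(BENIGN_MODEL)


# Illustrative allowlist (assumption): callables a real model file legitimately
# references. A production scanner needs a much longer, per-framework list.
ALLOWED_GLOBALS = {
    "collections.OrderedDict",
    "numpy.core.multiarray._reconstruct",
    "numpy.core.multiarray.scalar",
    "numpy.ndarray",
    "numpy.dtype",
    "torch._utils._rebuild_tensor_v2",
    "torch.FloatStorage",
}

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def imported_globals(data: bytes) -> list:
    """Return 'module.name' for every callable the pickle would import on load.

    Simplification: STACK_GLOBAL takes its module/name from the two most recent
    string constants; a full scanner would also emulate the memo (BINGET/GET).
    """
    found, recent_strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":            # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL":    # protocol >= 4: operands pushed just before
            name, module = recent_strings.pop(), recent_strings.pop()
            found.append(f"{module}.{name}")
        elif op.name in STRING_OPS:
            recent_strings.append(arg)
    return found


def suspicious_globals(data: bytes) -> list:
    """Imported callables that are not allowlisted; empty means nothing found."""
    return [g for g in imported_globals(data) if g not in ALLOWED_GLOBALS]


def scan_directory(root: Path, exts=(".pkl", ".pickle", ".dat", ".pt", ".pth", ".bin")) -> dict:
    """Map each pickle-like file under root to its suspicious imports.

    Unparseable files (truncated, not a pickle at all) are reported, not skipped,
    since a scanner that silently ignores them can be bypassed.
    """
    results = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in exts:
            try:
                results[path.name] = suspicious_globals(path.read_bytes())
            except Exception as exc:
                results[path.name] = [f"unparseable: {exc}"]
    return results


def demo_scan() -> dict:
    """Write the two constructed model files to a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean.pkl").write_bytes(build_benign_pickle())
        (root / "trojan.pkl").write_bytes(build_malicious_pickle())
        return scan_directory(root)


if __name__ == "__main__":
    for name, hits in demo_scan().items():
        print(f"{name}: {'OK' if not hits else 'SUSPICIOUS: ' + ', '.join(hits)}")
    # Never pickle.load trojan.pkl: doing so runs the embedded command.
```

The static walk is the important part: the verdict is reached from the byte stream alone, so the trojan file is classified without ever being deserialized. The allowlist approach is what lets a real scanner distinguish a legitimate torch or numpy reconstruction call from an attacker's os.system, which a naive "any GLOBAL opcode" rule would not.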
Supported Model Formats
The scan supports a wide range of ML model formats, including:
- Pickle: .pkl, .dat, .pickle, .cloudpickle, .cpkl
- PyTorch: .bin, .pt, .pth, .ckpt
- Keras/H5: .h5, .hdf5, .keras
- Other: .npy, .npz, .joblib, .dill, .pb (SavedModel), .gguf, .pdparams (Paddle)
Command Options
Command: jf malicious-scan (alias: jf ms)
| Option | Required | Default | Description |
|---|---|---|---|
| --working-dirs | No | Root directory | A comma-separated list of relative working directories to scan. If not provided, a recursive scan is triggered from the root. |
| --format | No | table | Defines the output format: table, json, simple-json, sarif, or cyclonedx. |
| --min-severity | No | — | Minimum severity of issues to display: Low, Medium, High, or Critical. |
| --threads | No | 3 | Number of parallel threads used for scanning. |
| --server-id | No | Default server | JFrog server ID configured via jf c add. |
| --insecure-tls | No | false | Set to true to skip TLS certificate verification. |
Examples
Scan the current directory recursively
Displays all detected malicious models in a human-readable table.
jf malicious-scan
Scan specific directories
Audits the models and lab/experiments folders.
jf malicious-scan --working-dirs="./models,./lab/experiments"
Output in JSON format
Useful for automation and integration with other security tools.
jf malicious-scan --format=json
