saucam committed on
Commit 5d245e8 · 1 Parent(s): 7c4fd9f

Update space

Files changed (2)
  1. Dockerfile +44 -0
  2. README.md +101 -1
Dockerfile ADDED
@@ -0,0 +1,44 @@
1
+ # Dockerfile for Palisade Security Leaderboard on HuggingFace Spaces
2
+ # Optimized for Python 3.12 with stable dependencies
3
+
4
+ FROM python:3.12-slim-bookworm
5
+
6
+ # Install system dependencies
7
+ RUN apt-get update && apt-get install -y \
8
+ git \
9
+ curl \
10
+ && rm -rf /var/lib/apt/lists/*
11
+
12
+ # Create user (required by HF Spaces)
13
+ RUN useradd -m -u 1000 user
14
+ USER user
15
+
16
+ # Set up environment
17
+ ENV HOME=/home/user \
18
+ PATH=/home/user/.local/bin:$PATH \
19
+ PYTHONUNBUFFERED=1 \
20
+ GRADIO_SERVER_NAME="0.0.0.0" \
21
+ GRADIO_SERVER_PORT=7860
22
+
23
+ # Set working directory
24
+ WORKDIR $HOME/app
25
+
26
+ # Copy application files
27
+ COPY --chown=user:user requirements.txt .
28
+ COPY --chown=user:user leaderboard/ ./leaderboard/
29
+ COPY --chown=user:user scripts/ ./scripts/
30
+
31
+ # Install Python dependencies
32
+ RUN pip install --no-cache-dir --upgrade pip && \
33
+ pip install --no-cache-dir -r requirements.txt
34
+
35
+ # Expose Gradio port
36
+ EXPOSE 7860
37
+
38
+ # Health check
39
+ HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
40
+ CMD curl -f http://localhost:7860/ || exit 1
41
+
42
+ # Run the leaderboard
43
+ CMD ["python", "-m", "leaderboard.app"]
44
+
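Review bot: Nothing in this Dockerfile pins what gets built: `FROM python:3.12-slim-bookworm` is a mutable tag, and the install step at lines 32-33 runs `pip install --upgrade pip` and then `-r requirements.txt` without `--require-hashes`, so two builds of the same commit can produce different images. requirements.txt is not part of this diff, so whether it pins versions cannot be checked here. For a Space that publishes security rankings, consider pinning the base image by digest and installing from a hash-locked requirements file. Two smaller points: the `COPY` of `leaderboard/` and `scripts/` (lines 28-29) comes before the pip install, so every source edit invalidates the dependency layer; copying only `requirements.txt` first and the sources after the install keeps the cache. And `apt-get install -y` at line 7 could take `--no-install-recommends` to keep the slim image small.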
README.md CHANGED
@@ -7,4 +7,104 @@ sdk: docker
7
  pinned: false
8
  ---
9
 
10
- Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
7
  pinned: false
8
  ---
9
 
10
+ # 🏰 Palisade Security Leaderboard
11
+
12
+ **Comprehensive security rankings for machine learning models**
13
+
14
+ [![Dataset](https://img.shields.io/badge/πŸ€—-Dataset-yellow)](https://huggingface.co/datasets/javelinai/palisade-scan-results)
15
+ [![Powered by Palisade](https://img.shields.io/badge/Powered%20by-Palisade-blue)](https://github.com/getjavelin/palisade)
16
+
17
+ ---
18
+
19
+ ## πŸ“Š About
20
+
21
+ This leaderboard displays security rankings for ML models scanned with **[Palisade](https://github.com/getjavelin/palisade)**,
22
+ a comprehensive security scanner that detects:
23
+
24
+ - 🎯 **Backdoors & Trojans** - Hidden malicious behaviors
25
+ - πŸ”“ **Pickle RCE** - Remote code execution vulnerabilities
26
+ - πŸ’₯ **Buffer Overflows** - Memory safety issues
27
+ - πŸ”— **Supply Chain Attacks** - Compromised dependencies
28
+ - πŸ” **Model Integrity** - Tampering detection
29
+ - 🎭 **Tokenizer Hijacking** - Malicious configurations
30
+
31
+ ## 🎯 Understanding the Scores
32
+
33
+ ### Security Score
34
+ **Lower is better!** Calculated as:
35
+ ```
36
+ Score = (Critical Γ— 100) + (High Γ— 50) + (Medium Γ— 10) + (Low Γ— 2)
37
+ ```
38
+
39
+ - **0-49**: βœ… Excellent security
40
+ - **50-99**: 🟑 Good security
41
+ - **100-199**: 🟠 Moderate concerns
42
+ - **200+**: πŸ”΄ Significant issues
43
+
44
+ ### Risk Levels
45
+
46
+ | Level | Meaning | Action |
47
+ |-------|---------|--------|
48
+ | 🟒 **Safe** | No significant issues | Deploy with confidence |
49
+ | 🟑 **Low** | Minor issues only | Review and monitor |
50
+ | 🟠 **Medium** | Some concerns | Fix before production |
51
+ | πŸ”΄ **High** | Serious issues | Use with caution |
52
+ | β›” **Critical** | Critical vulnerabilities | Do NOT use |
53
+
54
+ ## πŸ“ˆ Features
55
+
56
+ - **Interactive Filtering** - By risk level, score, and size
57
+ - **Rich Visualizations** - Charts and graphs powered by Plotly
58
+ - **Detailed Analysis** - Threat categories and MITRE ATT&CK mapping
59
+ - **SARIF Reports** - Industry-standard security reports
60
+ - **Real-time Updates** - Auto-refreshes from HuggingFace dataset
61
+
62
+ ## πŸ” Data Source
63
+
64
+ All scan results are stored in the public dataset:
65
+ **[javelinai/palisade-scan-results](https://huggingface.co/datasets/javelinai/palisade-scan-results)**
66
+
67
+ Models are scanned weekly with automated GitHub Actions.
68
+
69
+ ## 🀝 Contributing
70
+
71
+ Want to add a model to the leaderboard?
72
+
73
+ 1. Open an issue at [palisade-security/leaderboard](https://github.com/palisade-security/leaderboard)
74
+ 2. Provide the HuggingFace model ID (e.g., `meta-llama/Llama-2-7b-hf`)
75
+ 3. We'll scan it and add to the leaderboard!
76
+
77
+ ## πŸ› οΈ Technology Stack
78
+
79
+ - **Scanner**: [Palisade](https://github.com/getjavelin/palisade)
80
+ - **Frontend**: Gradio 4.27
81
+ - **Visualizations**: Plotly
82
+ - **Data**: HuggingFace Datasets
83
+ - **Hosting**: HuggingFace Spaces
84
+
85
+ ## πŸ“š Learn More
86
+
87
+ - [Palisade Documentation](https://github.com/getjavelin/palisade)
88
+ - [Leaderboard Repository](https://github.com/palisade-security/leaderboard)
89
+ - [SARIF Specification](https://docs.oasis-open.org/sarif/sarif/v2.1.0/)
90
+ - [MITRE ATT&CK for ML](https://atlas.mitre.org/)
91
+
92
+ ## πŸ“ž Support
93
+
94
+ - πŸ’¬ [Discord](https://discord.gg/javelin)
95
+ - πŸ“§ [Email](mailto:team@getjavelin.com)
96
+ - 🐦 [Twitter](https://twitter.com/getjavelin)
97
+
98
+ ---
99
+
100
+ <div align="center">
101
+
102
+ **Built with ❀️ by [Javelin](https://getjavelin.com)**
103
+
104
+ [Website](https://getjavelin.com) β€’
105
+ [GitHub](https://github.com/getjavelin) β€’
106
+ [Discord](https://discord.gg/javelin)
107
+
108
+ </div>
109
+
110
+
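Review bot: In "Understanding the Scores", the score bands and the Risk Levels table disagree for the same finding: by the formula a single Critical finding scores 100, which falls in the 100-199 "Moderate concerns" band, and a single High scores 50, which falls in "Good security", while the table right after it says Critical means "Do NOT use" and High means "Serious issues". Please state how a model's risk level is derived (for example, from its worst finding rather than from the score) or adjust the bands so that one Critical cannot read as moderate. Also, the link labelled "MITRE ATT&CK for ML" points to atlas.mitre.org, which is MITRE ATLAS; "Real-time Updates" under Features sits oddly next to "scanned weekly" under Data Source; and the Contributing and Learn More links use the `palisade-security/leaderboard` repository while every other link uses `getjavelin`, so confirm that is the intended tracker.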