Logo

Artefact Scanners

Common questions this page answers:

  • What scanners does Bailo use?
  • How do I configure artefact scanning?
  • What is the ArtefactScan service?

Within Bailo, it is possible to optionally deploy artefact scanners which are designed to help manage any potential risk of artefacts being uploaded with potentially malicious contents.

The scanners currently supported by Bailo are:

  • ClamAV - traditional antivirus scanning for uploaded files
  • ArtefactScan - Bailo scanning service that orchestrates multiple scanners
    • ModelScan - malicious or unsafe content detection in model artefacts
    • Trivy - vulnerability scanning and SBOM (Software Bill of Materials) generation for container image layers

ClamAV

ClamAV provides traditional antivirus malware detection for uploaded files.

ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

ArtefactScan (Service)

ArtefactScan is an umbrella scanning service within Bailo.

  • Provides a single REST API for scanning
  • Routes artefacts to the appropriate scanner based on artefact type
  • Keeps scanner implementations explicit and interchangeable
  • Normalises scan orchestration (not scan results)

Scanners exposed via ArtefactScan:

  • ModelScan (/scan/file)
  • Trivy (/scan/image)

ModelScan

ModelScan is used to analyse uploaded model artefacts for unsafe or malicious content.

ModelScan is an open source project from Protect AI that scans models to determine if they contain unsafe code. It is the first model scanning tool to support multiple model formats. ModelScan currently supports: H5, Pickle, and SavedModel formats. This protects you when using PyTorch, TensorFlow, Keras, Sklearn, XGBoost, with more on the way.

Trivy

Trivy is used to analyse container image layers for known vulnerabilities and to generate SBOMs.

  • Provided via the ArtefactScan REST API
  • Integrated using a custom connector
  • Scans uploaded image layer tarballs (overlay filesystems)
  • Uses a locally cached Trivy vulnerability database

Trivy is an open-source vulnerability scanner from Aqua Security for containers and other artefacts.

Minimal configuration

Configure scanner settings in the backend application configuration. These settings will apply to all scanners.

  • connectors.artefactScanners.kinds - List of enabled artefact scanner kinds. Default: []
  • connectors.artefactScanners.retryDelayInMinutes - Minutes between repeated scans of the same artefact. Default: 60.
  • connectors.artefactScanners.maxInitRetries - Number of startup connection attempts before failing. Default: 5
  • connectors.artefactScanners.initRetryDelay - Delay between successive startup pings (milliseconds). Default: 5000.
  • connectors.artefactScanners.scanTimeoutMs - Number of milliseconds waited before a scan times out. Default: 60000.

Enabling or disabling specific scanners is handled via connector configuration and deployed microservices.


Copyright © Crown Copyright 2026.