- Overview
- Users
- Managing Models and Releases
- Uploading Artifacts
- Creating a Model
- Completing the Model
- Creating a Release
- Uploading Files
- Uploading Images
- Using a Model
- Requesting Access
- Personal Access Tokens
- Using a Pushed Docker Image
- Downloading files
- Deletion
- Deleting a File
- Deleting a Model
- Soft Deletion
- Model Mirroring
- Creating a Mirrored Model
- Editing a Mirrored Model Card
- Reviews
- Reviewing Releases and Access Requests
- Reviewing a Release
- Reviewing an Access Request
- Reviewed Releases and Access Requests
- Releases
- Access Requests
- Programmatically using Bailo
- Authentication
- Open API
- Webhooks
- Python Client
- Administration
- Getting Started
- App Configuration
- Microservices
- Artefact Scanners
- Helm
- Basic Usage
- Configuration
- Isolated Environments
- Schema
- Create a Schema
- Upload a Schema
- Migrations
- Bailo v0.4
- Bailo v2.0
- DataBase Scripts
Artefact Scanners
Within Bailo, it is possible to optionally deploy artefact scanners which are designed to help manage any potential risk of artefacts being uploaded with potentially malicious contents.
The scanners currently supported by Bailo are:
- ClamAV - traditional antivirus scanning for uploaded files
- ArtefactScan - Bailo scanning service that orchestrates multiple scanners
ClamAV
ClamAV is used for traditional malware detection on uploaded files.
- Uses the official ClamAV Docker image
- Integrated via a custom connector
- Communicates using
clamscan
ClamAV® is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
ArtefactScan (Service)
ArtefactScan is an umbrella scanning service within Bailo.
- Provides a single REST API for scanning
- Routes artefacts to the appropriate scanner based on artefact type
- Keeps scanner implementations explicit and interchangeable
- Normalises scan orchestration (not scan results)
Scanners exposed via ArtefactScan:
- ModelScan (
/scan/file) - Trivy (
/scan/image)
ModelScan
ModelScan is used to analyse uploaded model artefacts for unsafe or malicious content.
- Provided via the ArtefactScan REST API
- Integrated using a custom connector
- Scans files such as Pickle, H5, and SavedModel formats
ModelScan is an open source project from Protect AI that scans models to determine if they contain unsafe code. It is the first model scanning tool to support multiple model formats. ModelScan currently supports: H5, Pickle, and SavedModel formats. This protects you when using PyTorch, TensorFlow, Keras, Sklearn, XGBoost, with more on the way.
Trivy
Trivy is used to analyse container image layers for known vulnerabilities and to generate SBOMs.
- Provided via the ArtefactScan REST API
- Integrated using a custom connector
- Scans uploaded image layer tarballs (overlay filesystems)
- Uses a locally cached Trivy vulnerability database
Trivy is an open‑source vulnerability scanner from Aqua Security for containers and other artefacts.
Minimal Configuration
| Name | Description | Value |
|---|---|---|
connectors.artefactScanners.kinds | List of enabled artefact scanner kinds | [] |
connectors.artefactScanners.retryDelayInMinutes | Minutes between repeated scans of the same artefact | 60 |
connectors.artefactScanners.maxInitRetries | Number of startup connection attempts before failing | 5 |
connectors.artefactScanners.initRetryDelay | Delay between successive startup pings (milliseconds) | 5000 |
Enabling or disabling specific scanners is handled via connector configuration and deployed microservices.
Copyright © Crown Copyright 2026.