-
Feature Request
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
None
-
Product / Portfolio Work
-
None
-
False
-
-
None
-
None
-
None
-
-
None
-
None
-
None
-
None
-
None
Business Problem:
Customers using ACS to scan container images in their environment want to scan the AI model container images as well. They do not want those images to be a mystery as they contain packages and file systems like any other container.
Use Cases:
Customers deploying OpenShift AI along with OpenShift Lightspeed are bringing in AI models through container images like the granite-8b models. Those container images will be "running" in OpenShift AI and served for customer uses. The container images hosting the models will have CVEs like any other container image and need to be scanned like any other container image.
Key Functionality:
The main function to add is the ability for ACS to scan container images with AI models in the same, or similar, way as any standard container like the UBI images.
Benefits:
The primary benefit will be for customer to have the same insight into AI model containers that they have with any other container in their environment. Many customers have concerns about bringing AI models from outside systems to their environment. Currently being unable to scan those images for vulnerabilities enhances their concerns.
Acceptance criteria:
That AI model containers can be scanned and show results in the ACS dashboards in the same way that general containers, like UBI, show in the ACS dashboard. That the customer can see CVEs and CVSS scores in AI model containers in the same way as standard containers
Implementation Suggestions (optional):
- Integration: [Specify any existing systems or tools that the new feature should integrate with]
- Dependencies: [Describe any dependencies on other 3rd party integrations or OCP components]
- User Experience: [Provide suggestions for designing the UI to optimize usability. Highlight other relevant aspects of the user experience ]
Timeline:
AI adoption is increasing at a tremendous rate. We expect all of our ACS customers to inquire more about this feature in the near future. Currently only some have inquired because they are unaware of this challenge until they notice either an error from ACS about scanning the model container images or notice that there is no report in ACS for these images. The sooner we have this feature the better.
Please use the following Jira fields to complete this Feature Request
- [Jira Field] Summary Required: Add support for AI model container images
- [Jira Field] Description: ACS can scan AI model container images
- [Jira Field] Component: ACS
- [Jira Field] Priority: Medium
- [Jira Field] Supporting Documentation: None
- [Attach any relevant documents, research, or supporting materials that provide additional context or information]
Podman and oc-mirror cannot be used to copy the container images
```
podman pull registry.redhat.io/rhelai1/granite-8b-code-base:1.2
Trying to pull registry.redhat.io/rhelai1/granite-8b-code-base:1.2...
Error: parsing image configuration: unsupported image-specific operation on artifact with type "application/x-mlmodel"
```