SaaS Security
Onboard a Hugging Face App to SSPM
Table of Contents
Onboard a Hugging Face App to SSPM
Learn how you can manually provide SSPM with the configuration values for a Hugging
Face instance.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
The onboarding process for Hugging Face is different from most
applications, because SSPM does not support scans for Hugging Face. During the
onboarding process for most applications, SSPM establishes a connection to your
application instance by using credentials that you provide, such as a login password
or an access token. After SSPM has established this connection, SSPM can scan your
application instance's settings by using an API provided by the application or by
using data extraction techniques.
Although SSPM does not support scans for Hugging Face, you can still onboard a
Hugging Face application to SSPM. However, when you onboard a Hugging Face
application to SSPM, you don’t supply SSPM with any authentication credentials. SSPM
does not establish a connection to your Hugging Face instance and does not run scans
to determine the Hugging Face settings. Instead, you will manually enter your
Hugging Face instance's settings, which SSPM will compare against its recommended
settings. You can think of this process as a virtual onboarding. SSPM creates a tile
on the Applications page to represent your Hugging Face instance, but this tile is
isolated to SSPM. SSPM will show rule violations for the Hugging Face instance, but
SSPM determines the violations based entirely on the information that you manually
enter. If you change the value of a setting in your application instance, you must
also manually update the setting value in SSPM. If you don’t keep the setting values
synchronized, the rule violations that SSPM displays will be unreliable.
To onboard a Hugging Face instance, you complete the following steps:
- Log in to the Hugging Face Enterprise hub as an administrator.Logging in will enable you to view the current values of the configuration settings, and, if necessary, update the settings to our recommended values.Log in to Strata Cloud Manager.Select and click the Hugging Face tile.On the Posture Security tab, Add New instance.SSPM displays the onboarding page, which lists the Hugging Face configuration settings and our recommended configuration values.From your Hugging Face instance, identify the configuration values, and provide these configuration values to SSPM.To avoid triggering rule violations in SSPM, you can update the values in Hugging Face to match our recommended values.You can enter the configuration values in the fields provided, or upload a comma-separated values (CSV) file that contains the configuration values. To simplify the process of creating the CSV file, you can download a CSV template file from SSPM. To upload a CSV file, complete the following steps:
- Select Upload Security Setting Values and then Download Template.Open the CSV template file in a spreadsheet application such as Microsoft Excel or Google Sheets.Enter the configuration values into the CSV template file, and save your changes.Upload your edited CSV file to SSPM, and Save. You can either drag and drop the file into the File Upload area or you can Browse to locate the file.Connect with Hugging Face.SSPM adds a tile on the Applications page to represent your Hugging Face instance. Based on the values that you entered, SSPM will determine if your Hugging Face instance has any rule violations.Because SSPM is not scanning your Hugging Face instance, you must ensure that the information that SSPM has about your Hugging Face instance remains accurate. If you change a setting value in Hugging Face, manually update that value in SSPM. To do this, complete the following steps:
- Navigate to the Applications page ().Locate the Hugging Face instance's tile and View Details.Edit Current Value of the setting.
