>
    Strata Copilot
    Onboard a Hugging Face App to SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Onboard SaaS Apps Supported by SSPM
    4. Onboard a Hugging Face App to SSPM
    Download PDF
    SaaS Security

    Onboard a Hugging Face App to SSPM

    Table of Contents

    Onboard a Hugging Face App to SSPM

    Learn how you can manually provide SSPM with the configuration values for a Hugging Face instance.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • SaaS Security Posture Management license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    The onboarding process for Hugging Face is different from most applications, because SSPM does not support scans for Hugging Face. During the onboarding process for most applications, SSPM establishes a connection to your application instance by using credentials that you provide, such as a login password or an access token. After SSPM has established this connection, SSPM can scan your application instance's settings by using an API provided by the application or by using data extraction techniques.
    Although SSPM does not support scans for Hugging Face, you can still onboard a Hugging Face application to SSPM. However, when you onboard a Hugging Face application to SSPM, you don’t supply SSPM with any authentication credentials. SSPM does not establish a connection to your Hugging Face instance and does not run scans to determine the Hugging Face settings. Instead, you will manually enter your Hugging Face instance's settings, which SSPM will compare against its recommended settings. You can think of this process as a virtual onboarding. SSPM creates a tile on the Applications page to represent your Hugging Face instance, but this tile is isolated to SSPM. SSPM will show rule violations for the Hugging Face instance, but SSPM determines the violations based entirely on the information that you manually enter. If you change the value of a setting in your application instance, you must also manually update the setting value in SSPM. If you don’t keep the setting values synchronized, the rule violations that SSPM displays will be unreliable.
    To onboard a Hugging Face instance, you complete the following steps:
    1. Log in to the Hugging Face Enterprise hub as an administrator.
      Logging in will enable you to view the current values of the configuration settings, and, if necessary, update the settings to our recommended values.
    2. Log in to Strata Cloud Manager.
    3. Select ConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the Hugging Face tile.
    4. On the Posture Security tab, Add New instance.
      SSPM displays the onboarding page, which lists the Hugging Face configuration settings and our recommended configuration values.
    5. From your Hugging Face instance, identify the configuration values, and provide these configuration values to SSPM.
      To avoid triggering rule violations in SSPM, you can update the values in Hugging Face to match our recommended values.
      You can enter the configuration values in the fields provided, or upload a comma-separated values (CSV) file that contains the configuration values. To simplify the process of creating the CSV file, you can download a CSV template file from SSPM. To upload a CSV file, complete the following steps:
      1. Select Upload Security Setting Values and then Download Template.
      2. Open the CSV template file in a spreadsheet application such as Microsoft Excel or Google Sheets.
      3. Enter the configuration values into the CSV template file, and save your changes.
      4. Upload your edited CSV file to SSPM, and Save. You can either drag and drop the file into the File Upload area or you can Browse to locate the file.
    6. Connect with Hugging Face.
      SSPM adds a tile on the Applications page to represent your Hugging Face instance. Based on the values that you entered, SSPM will determine if your Hugging Face instance has any rule violations.
      Because SSPM is not scanning your Hugging Face instance, you must ensure that the information that SSPM has about your Hugging Face instance remains accurate. If you change a setting value in Hugging Face, manually update that value in SSPM. To do this, complete the following steps:
      1. Navigate to the Applications page (SSPMApplications).
      2. Locate the Hugging Face instance's tile and View Details.
      3. Edit Current Value of the setting.

    © 2026 Palo Alto Networks, Inc. All rights reserved.