This guide covers running ModelAudit in environments with no outbound internet access.
- Keep all scanning local to your controlled environment
- Avoid remote model downloads at runtime
- Disable telemetry explicitly
- Keep cache and temporary artifacts under your control
On a connected machine (one-time prep):
```bash
mkdir -p wheelhouse
pip download "modelaudit[all]" -d wheelhouse
```

Transfer `wheelhouse/` to the air-gapped environment, then install:

```bash
pip install --no-index --find-links wheelhouse "modelaudit[all]"
```

If you only need specific scanners, replace `[all]` with targeted extras. ONNX is included by `onnx`/`all` on Python 3.10-3.12; add `tensorflow` on Python 3.11-3.12 only when TensorFlow-dependent checkpoint or weight analysis is required.
Set either variable (both is fine):
```bash
export PROMPTFOO_DISABLE_TELEMETRY=1
export NO_ANALYTICS=1
```

Use local files/directories, not remote URIs:
- Do use: `modelaudit scan ./models/`
- Do not use: `hf://...`, `models:/...`, `s3://...`, `gs://...`, or hosted HTTP model URLs
For fully ephemeral scans:
```bash
modelaudit scan ./models --no-cache --format json --output results.json
```

If cache is enabled, inspect and clear it as needed:

```bash
modelaudit cache stats
modelaudit cache clear
```

```bash
modelaudit scan ./models \
  --strict \
  --format json \
  --output modelaudit-report.json
```

Optional controls:
- `--max-size` to enforce artifact size boundaries
- `--timeout` for deterministic runtime limits
- `--stream` to process large local directories one file at a time while preserving the source files
- Install from internal artifacts only.
- Set telemetry-off environment variables.
- Restrict inputs to local paths.
- Export JSON/SARIF output for audit retention.
- Review non-zero exit codes (`1` findings, `2` errors) in CI policy.
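
The checklist above can be enforced by a preflight wrapper in the CI job. This is an added example, not part of the ModelAudit documentation: the function names, the refusal exit code `64`, and the treatment of any other `scheme://` input as remote are assumptions of the example; the scan flags and exit codes `1` and `2` are the ones described on this page.

```shell
#!/usr/bin/env bash
# Added example: preflight gate for an air-gapped ModelAudit scan.
# Function names and exit code 64 are hypothetical, chosen for this example.

# Succeeds only for an existing local path; rejects the remote URI forms
# this guide says not to use, plus any other scheme:// (assumption).
is_local_input() {
  case "$1" in
    "") return 1 ;;
    hf://*|models:/*|s3://*|gs://*|http://*|https://*) return 1 ;;
    *://*) return 1 ;;
  esac
  [ -e "$1" ]
}

# Succeeds if at least one of the telemetry-off variables is set to 1.
telemetry_disabled() {
  [ "${PROMPTFOO_DISABLE_TELEMETRY:-}" = "1" ] || [ "${NO_ANALYTICS:-}" = "1" ]
}

# Usage: airgap_scan <report.json> <local-path>
# Returns the scanner's exit code, or 64 when a preflight check refuses to run.
airgap_scan() {
  local report="$1" target="$2" rc=0
  telemetry_disabled || { echo "refusing: telemetry is not disabled" >&2; return 64; }
  is_local_input "$target" || { echo "refusing: not a local path: $target" >&2; return 64; }

  modelaudit scan "$target" --strict --no-cache \
    --format json --output "$report" || rc=$?

  case "$rc" in
    0) echo "scan clean" ;;
    1) echo "findings reported: review $report" >&2 ;;
    2) echo "scan error: fail the job, do not treat as clean" >&2 ;;
    *) echo "unexpected exit code $rc" >&2 ;;
  esac
  return "$rc"
}
```

In a pipeline, call `airgap_scan modelaudit-report.json ./models` and fail the job on any non-zero status, so a scan error (`2`) is never mistaken for a clean result.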