# LLM Supply Chain Vulnerabilities

- ID: go-llm-supply-chain
- Severity: HIGH
- CWE: Inclusion of Untrusted Functionality (CWE-829)
- Languages: Go

## Description

Detects supply chain vulnerabilities in AI/LLM implementations such as untrusted model sources or dynamic model loading.

## Detection Message

Potential supply chain vulnerability: {issue_type}

## Remediation

Use an allowlist for permitted models and verify integrity with checksums.

```go
if _, ok := allowedModels[modelID]; !ok {
    return errors.New("model not in allowlist")
}
```

Learn more: https://shoulder.dev/learn/go/cwe-829/llm-supply-chain

## Documentation

[object Object]

## Related Rules

- **LLM Supply Chain Vulnerabilities** [HIGH]: 
- **Container Using Latest Tag** [MEDIUM]: 
- **LLM Supply Chain Vulnerabilities** [HIGH]: