e/enable-flexible-generation">Enable flexible generation
  • Evaluate generator quality
  • Export and import generators
  • Manage generators
  • Live-probe generators
  • Fine-tuning LLMs
  • _RARE_ values
  • Connectors
  • Synthetic datasets
  • FEATURES
  • Organizations
  • User profiles
  • Public and private resources
  • Search
  • Usage and credits
  • Notifications
  • ADMINISTRATION
  • RELEASES AND SUPPORT
  • Release notes
  • Release support lifecycle
  • Support
    • InstallationCompliance

    OCI compliance and security of MOSTLY AI container images

    Learn about the OCI compliance and security scans of MOSTLY AI container images.

    Are MOSTLY AI container images OCI Compliant?

    While MOSTLY AI images do not go through a formal OCI compliance check, we consider the images compliant on the Image Specification and Distribution Specification.

    MOSTLY AI uses Red Hat Universal Base Images (UBI) as a base image, builds images with Docker, and stores them in DockerHub.

    Can I run MOSTLY AI on any Kubernetes distribution?

    MOSTLY AI does not impose a Kubernetes distribution to customers. You are free to run MOSTLY AI on any Kubernetes distribution you like.

    The list of the officially supported distributions are:

    How do I make sure to run MOSTLY AI in an OCI Compliant environment?

    MOSTLY AI assumes that the officially supported Kubernetes distributions are compliant with the Runtime Specification of OCI.

    If you are using a different Kubernetes distribution, check with the vendor if the runtime environment is OCI compliant.

    Do you scan your images for vulnerabilities?

    MOSTLY AI uses Trivy Open Source vulnerability scanner in CI/CD pipelines and the scans of DockerHub, when pushing to the MOSTLY AI repository.

    How are connector secrets stored in MOSTLY AI?

    The secrets (passwords, API keys, secret keys, and so on) for each saved connector in MOSTLY AI are stored in encrypted form in the PostgreSQL database that is part of the MOSTLY AI application services. The secrets are not only encrypted at rest, but also in transit.