R-TF-012-019 SOUPs

This document provides a comprehensive list of all Software of Unknown Provenance (SOUP) components used in the medical device software. Each SOUP has been evaluated for its functional requirements, performance characteristics, and regulatory compliance.

SOUP Summary Table

Package	Category	License	Version	Primary Use
Aioboto3	Library	Apache 2.0	≥15.4.0	Async AWS DynamoDB access for user auth, lockout, and audit logging
Albumentations	Library	MIT	≥2.0.0	Image preprocessing and augmentation for AI inference pipelines
Argon2-CFFI	Library	MIT	≥25.1.0	Secure password hashing using Argon2id algorithm
Authlib	Library	BSD-3-Clause	≥1.6.4	JWT token generation and validation for API authentication
Boto3	Library	Apache 2.0	≥1.41.0	AWS SDK for S3 storage, SSM config, and DynamoDB operations
Dependency Injector	Framework	BSD-3-Clause	≥4.48.0	Dependency injection and IoC container management
Dill	Library	BSD-3-Clause	≥0.4.0	Extended serialization for YOLO model checkpoints (indirect)
FastAPI	Framework	MIT	≥0.124.0	Primary HTTP/REST API framework for all microservices
Grad-CAM	Library	MIT	≥1.5.0	Explainable AI saliency maps for clinical transparency
HTTPX	Library	BSD-3-Clause	≥0.28.0	Async HTTP client for inter-service communication
NumPy	Library	BSD-3-Clause	≥1.26.0	Foundational numerical computing and array operations
PyNVML	Library	BSD-3-Clause	≥12.560.30	GPU monitoring and resource detection via NVIDIA NVML
OpenCV	Library	MIT/Apache 2.0	≥4.12.0	Computer vision preprocessing, contour extraction, visualization
Pillow	Library	MIT-CMU	≥12.0.0	Image decoding/encoding and ICC color space management
Psutil	Library	BSD-3-Clause	≥7.1.0	System resource monitoring (CPU, memory, disk)
Pydantic	Library	MIT	≥2.12.0	Data validation and domain model definitions
Pydantic Settings	Library	MIT	≥2.12.0	Environment-based configuration management
PyYAML	Library	MIT	≥6.0.2	YAML configuration file parsing
Segmentation Models PyTorch	Library	MIT	≥0.4.0	Semantic segmentation architectures (UNet, DeepLabV3+)
Starlette	Framework	BSD-3-Clause	≥0.49.0	ASGI middleware for correlation ID and request tracking
Timm	Library	Apache 2.0	≥1.0.9	Pre-trained image classification backbones (ConvNeXt, EfficientNet)
PyTorch	Framework	BSD	≥2.0.0	Deep learning framework for all AI/ML inference
TorchVision	Library	BSD-3-Clause	≥0.15.0	Image transforms and preprocessing for PyTorch models
Ultralytics YOLO	Library	AGPL-3.0	≥8.3.50	Object detection for lesion localization (YOLOv8)
Uvicorn	Framework	BSD-3-Clause	≥0.38.0	Production ASGI server for all FastAPI services

SOUP Categories Overview

Deep Learning & AI Framework

Package	Description
PyTorch	Core deep learning framework powering all neural network inference. Provides tensor computation, GPU acceleration, and the torch.nn.Module API used by all AI models.
TorchVision	Official computer vision library for PyTorch. Used for image preprocessing transforms (Resize, Normalize, ToTensor) in classification and segmentation pipelines.
Timm	PyTorch Image Models with 1,200+ pre-trained architectures. Provides ConvNeXt and EfficientNet backbones for clinical condition and quality classification.
Segmentation Models PyTorch	Encoder-decoder architectures for semantic segmentation. Powers pixel-level clinical sign detection using UNet, DeepLabV3+, and FPN models with EfficientNet/ResNet encoders.
Ultralytics YOLO	State-of-the-art object detection (YOLOv8). Used for lesion detection including acneiform lesions, hair follicles, hives, and inflammatory nodules with oriented bounding box support.
Grad-CAM	Explainable AI library for generating saliency maps. Produces GradCAM++ visualizations showing which image regions influenced AI predictions for regulatory compliance.

Web Framework & HTTP

Package	Description
FastAPI	High-performance async web framework. Serves as the primary REST API layer for the API Gateway, Control Plane, Expert Orchestrator, Report Builder, and all 50+ expert microservices.
Starlette	ASGI toolkit underlying FastAPI. Provides BaseHTTPMiddleware for correlation ID propagation and audit logging across the distributed microservice architecture.
Uvicorn	Lightning-fast ASGI server. Runs all production FastAPI services with multi-worker support, graceful shutdown, and custom logging integration for request tracing.
HTTPX	Modern async HTTP client. Powers the AsyncHttpClient wrapper for all inter-service communication with connection pooling, timeouts, and distributed tracing support.

Data Validation & Configuration

Package	Description
Pydantic	Data validation library using Python type hints. Defines all domain models, API contracts, and medical device compliance data with strict validation and immutability.
Pydantic Settings	Environment-based configuration. Manages settings for all 60+ microservices including JWT parameters, storage credentials, expert registry URLs, and inference device specs.
PyYAML	YAML parsing library. Provides safe configuration file loading via yaml.safe_load() for microservice initialization and operational parameters.
Dependency Injector	IoC container framework. Centralizes dependency management across 68+ Python modules with lifecycle control, factory patterns, and FastAPI integration.

Image Processing & Computer Vision

Package	Description
Pillow	Python Imaging Library fork. Handles image decoding/encoding, Base64 conversion, and ICC profile-based color space normalization to sRGB for consistent model inference.
OpenCV	Computer vision library (headless variant). Provides image resizing, color space conversion, CLAHE, geometric transforms, contour extraction, and overlay visualization.
Albumentations	Fast image augmentation library. Builds deterministic preprocessing pipelines with LongestMaxSize, PadIfNeeded, Normalize, and ToTensorV2 transforms.
NumPy	Foundational numerical computing. Represents images as NDArray[np.uint8], handles mask operations, probability aggregations, and array interoperability with PIL/PyTorch.

AWS Cloud Infrastructure

Package	Description
Boto3	Official AWS SDK. Provides S3 access for model weights and device labeling, SSM Parameter Store for centralized configuration, and synchronous DynamoDB operations.
Aioboto3	Async AWS SDK wrapper. Enables non-blocking DynamoDB operations in the API Gateway for user authentication, account lockout tracking, and API call audit logging.

Authentication & Security

Package	Description
Authlib	OAuth/JOSE library. Implements JWT token generation with HMAC-SHA256 signing and token validation with expiration claim enforcement for protected API endpoints.
Argon2-CFFI	Password hashing library. Provides Argon2id hashing (Password Hashing Competition winner) for secure credential storage with configurable memory-hard parameters.

System Monitoring & GPU

Package	Description
Psutil	Cross-platform system utilities. Monitors CPU utilization, memory usage, and disk capacity for operational health endpoints exposed via GET /system/resources.
PyNVML	NVIDIA Management Library bindings. Provides GPU detection, memory monitoring, utilization tracking, and temperature sensing for the distributed AI inference platform.

Serialization

Package	Description
Dill	Extended pickle library. Indirect dependency used by Ultralytics YOLO for serializing model checkpoints containing lambda functions and complex Python objects.

Regulatory Considerations

All SOUP components have been evaluated for:

1. License Compliance: All packages use permissive licenses (MIT, BSD, Apache 2.0) compatible with commercial medical device software, except Ultralytics which requires an enterprise license for commercial use.

2. Active Maintenance: Each SOUP is actively maintained with regular security updates and responsive maintainer teams.

3. Security Assessment: Known vulnerabilities are tracked and assessed for applicability to the medical device software context.

4. Functional Documentation: Each SOUP document includes detailed functional requirements, performance expectations, and hardware/software dependencies.

For detailed documentation of each SOUP component including functional requirements, performance criteria, and known anomaly assessments, refer to the individual SOUP pages linked in the table above.