This is the official documentation website for safedep.io. Here you will find everything you need to know about using SafeDep vet, SafeDep Cloud and other SafeDep tools to safeguard your application against open source software supply chain risks.

Why SafeDep?

SafeDep continuously scans open source packages for malicious code using a combination of static and dynamic analysis. Suspicious packages are verified by security experts to confirm malicious behavior. Tools like vet and PMG leverage SafeDep’s malicious package detection capabilities to protect applications against open source software supply chain risks.

How SafeDep Works

The diagram below shows how SafeDep works to protect your open source software supply chain against malicious packages.

What’s Next?

Why Open Source Security Matters

It has been estimated that Free and Open Source Software (FOSS) constitutes 70-90% of any given modern software solution.
With this level of dependency on open source, security teams need automated tools to consume OSS components safely without slowing down development velocity.