SafeDep secures your open source software supply chain. It blocks malicious and vulnerable packages before they reach your code, gives you visibility and policy over the dependencies you ship, and helps you control what AI coding agents pull in and run. Its core tools (Vet, PMG, xBom, and Gryph) are free, open source, and usable without a SafeDep account. SafeDep Cloud adds hosted policy, inventory, and org-wide visibility when your team is ready.

Where to start

Block malicious packages

Stop malicious and vulnerable packages at install time and in CI/CD, with PMG and Vet.

Secure AI coding agents

Discover, audit, and control what AI agents access and run, with Gryph and the MCP server.

Scan & govern dependencies

Scan repositories, SBOMs, and CI/CD for risk, and govern policy across your org with Vet and SafeDep Cloud.

How SafeDep works

Understand how SafeDep detects malicious packages, plus the core terms used across these docs.