Quick Start

info

SafeDep Cloud provides a control and data aggregation service on top of security tools like vet. Refer to SafeDep Cloud for more information.

SafeDep cloud allows vet users to connect and report its findings to a central location (SafeDep Cloud). Subsequently, users of the service can perform various tasks such as

Query by risks
Observe policy violations generated by vet
Manage, test and deploy policies across all instances of vet

The process involves following steps

Onboard to SafeDep Cloud
Generate an API key for use with vet
Configure vet to sync its finding to SafeDep Cloud
Query consolidate data from all vet deployments

tip

The vet tool is extended with cloud management functionality. All cloud management related commands are available within vet cloud sub-command. However, not all users of vet need to use the cloud functionality. It is meant only for administrative and management operations.

Onboard to SafeDep Cloud

Follow the steps below to onboard into SafeDep Cloud. This is required only for administrators who want to configure vet to synchronize data and policies with SafeDep Cloud. This is not required for independent use of vet.

1. Install `vet`

Start by installing vet if you don't already have it installed. Ensure you are using a version that supports the cloud subcommand.

vet cloud login

info

If you sign-up using email and password, you will be required to verify your email address before you can authenticate.

Once you have registered, verify that you are authenticated to SafeDep cloud.

3. Onboard your Organization

Create an organization that will group (isolate) all your projects, policies and data

vet cloud register --name "John Doe" \
  --org-name "Organization Name" \
  --org-domain example.com

On successful on-boarding, you will receive the SafeDep cloud tenant domain. It will be like default-team.example-com.safedep.io. vet will automatically configure this domain on your local system. You need to note this domain for usage in CI/CD. You will also receive an email with the required details.

4. Verify Onboarding

vet cloud whoami

This should list your registered user and your organization on SafeDep cloud.

5. Create API Key for `vet` Integration

Generate an API key for use with vet for syncing report data to SafeDep cloud.

vet cloud key create --name "Key Name" --description "Key description"

Configure `vet` with SafeDep Cloud

Once the API key is generated

vet auth configure --tenant <tenant-domain>

Send Data to SafeDep Cloud

vet scan -M /path/to/package-lock.json --report-sync \
  --report-sync-project my-project \
  --report-sync-project-version my-project-version

package-lock.json is used as an example manifest. vet supports a wide variety of package manifest and code analysis.

Configure GitHub Action

If you are using vet-action with GitHub, you can configure it to send issues and policy violations to SafeDep Cloud.

Create a GitHub Action Secret to store the API key generated earlier and your tenant domain
Update your vet-action workflow to enable cloud mode

[...]
  cloud: true
  cloud-key: ${{ secrets.SAFEDEP_CLOUD_API_KEY }}
  cloud-tenant: ${{ secrets.SAFEDEP_CLOUD_TENANT_DOMAIN }}
[...]

Query Aggregated Data

SafeDep cloud maintains a component oriented data model for all your projects, OSS components, vulnerabilities, security insights and policy violations. You can query this data to find exactly what you need.

SQL Query Interface

The vet cloud subcommand provides a generic SQL-like query interface that can be used to find what you need.

tip

You need to be authenticated with SafeDep cloud to execute queries.

vet cloud login --tenant <your-tenant-domain>

List projects synchronized with SafeDep Cloud

vet cloud query execute --sql "select projects.name, projects.version from projects"

Find critical vulnerabilities affecting a component in `main` branch

vet cloud query execute --sql \
  "
    select projects.name, packages.name, packages.version, vulnerabilities.cve_id from projects
      where projects.version = 'main' and vulnerabilities.risk = 'CRITICAL'
  "

Find components with policy violations in `main` branch

To learn more about policies, refer to policy as code

vet cloud query execute --sql \
  "
    select projects.name, packages.name, packages.version, policy_violations.rule_name from projects
      where projects.version = 'main'
  "

View schema to build your own queries

vet cloud query schema

Export Data

All vet cloud query commands support CSV export by default. To export results as CSV

vet cloud query execute \
  --csv results.csv \
  --sql "select projects.name, projects.version from projects"

Quick Start

Onboard to SafeDep Cloud​

1. Install vet​

2. Login to SafeDep Cloud​

3. Onboard your Organization​

4. Verify Onboarding​

5. Create API Key for vet Integration​

Configure vet with SafeDep Cloud​

Send Data to SafeDep Cloud​

Configure GitHub Action​

Query Aggregated Data​

SQL Query Interface​

List projects synchronized with SafeDep Cloud​

Find critical vulnerabilities affecting a component in main branch​

Find components with policy violations in main branch​

View schema to build your own queries​

Export Data​