Skip to main content
SafeDep Cloud aggregates findings from SafeDep tools into a tenant you can query and govern from one place. The safedep CLI is the command line client for your tenant: it handles login, endpoint fleet visibility, and SQL queries over synced data. This guide takes you from a new account to your first query.

Create your tenant

1

Create an account

Sign up at app.safedep.io.
2

Create a tenant

Complete onboarding and create your tenant. Note the tenant domain (for example your-company.safedep.io). Tools use it to identify your tenant.
You do not need to create an API key by hand. safedep auth login creates one during login. CI/CD integrations that need a static key can generate one at app.safedep.io/settings/api-keys.

Install the safedep CLI

brew install safedep/tap/cli
Prebuilt binaries for Linux, macOS, and Windows are on the releases page.

Log in

safedep auth login
The command runs an OAuth device flow in your browser, selects a tenant you have access to, creates an API key, and stores the credentials in your OS keychain. Confirm the session:
safedep auth status
For static API key login, credential profiles, and non-interactive use, see the authentication guide and the CLI command reference.

Connect a data source

A new tenant is empty until a tool syncs data into it. Pick the source that matches what you want to see:

Repository scans

Sync packages, vulnerabilities, and policy violations from vet scan, locally or in CI/CD

Package installs

Track package manager activity on developer machines with PMG

AI tool inventory

Discover coding agents, MCP servers, and Agent Skills on endpoints with vet endpoint scan

GitHub App

Scan pull requests with zero setup and link the installation to your tenant
Once PMG or vet endpoint scan reports from a machine, check your fleet from the CLI:
safedep endpoint status

Query your data

Query your tenant’s aggregated inventory and findings with SQL: projects, packages, endpoints, and security findings enriched with threat intelligence (vulnerabilities, EPSS, CISA KEV, OpenSSF Scorecard). For example, find your top remediation targets by critical CVE count:
safedep query exec --sql "
  SELECT packages.name, COUNT(DISTINCT vulnerabilities.vuln_id) AS critical_vulns
  FROM packages
  JOIN component_vulnerabilities ON component_vulnerabilities.component_id = packages.id
  JOIN vulnerabilities ON vulnerabilities.vuln_id = component_vulnerabilities.vulnerability_id
  WHERE vulnerabilities.severity_rating = 'CRITICAL'
  GROUP BY packages.name
  ORDER BY critical_vulns DESC" --limit 15
Prefer a UI? Run the same queries from the web console at app.safedep.io.
See the SQL query guide for the full schema, query rules, and worked examples: severity breakdowns, EPSS enrichment, malware findings, endpoint audit trails, and more.

Next steps

Authentication Guide

Cloud authentication methods and API access patterns

Malware Analysis

Detect malicious packages in your dependencies with Cloud code analysis

Cloud FAQ

Answers to common questions

API Documentation

Integrate SafeDep Cloud with your own systems