Skip to main content

Quick Start

info

SafeDep Cloud provides a control and data aggregation service on top of security tools like vet. Refer to SafeDep Cloud for more information.

SafeDep cloud allows vet users to connect and report its findings to a central location (SafeDep Cloud). Subsequently, users of the service can perform various tasks such as

  1. Query by risks
  2. Observe policy violations generated by vet
  3. Manage, test and deploy policies across all instances of vet

The process involves following steps

  1. Onboard to SafeDep Cloud
  2. Generate an API key for use with vet
  3. Configure vet to sync its finding to SafeDep Cloud
  4. Query consolidate data from all vet deployments
tip

The vet tool is extended with cloud management functionality. All cloud management related commands are available within vet cloud sub-command. However, not all users of vet need to use the cloud functionality. It is meant only for administrative and management operations.

Onboard to SafeDep Cloud

Navigate to https://platform.safedep.io/ to onboard to SafeDep Cloud. You must perform the following steps

  1. Navigate to https://platform.safedep.io/
  2. Sign-in or Sign-up
  3. Onboard and create your Tenant while noting the Tenant Domain
  4. Create API key for use with vet

After completing onboarding, you should have the following information for use with vet

  1. Tenant Domain
  2. API Key

vet with SafeDep Cloud

The instructions in this section assumes you have already onboarded into SafeDep Cloud and have access to:

  1. Tenant Domain
  2. API Key

Once these information are available, configure vet to use SafeDep Cloud services

vet auth configure --tenant <tenant-domain>

Note: You will be prompted to enter API key

Verify Authentication

Verify that your vet instance is configured to authenticate with SafeDep Cloud

vet auth verify

Send Data to SafeDep Cloud

vet has first class integration with SafeDep Cloud. The sync reporting module can be used to synchronize its findings with SafeDep Cloud. This integrate is disabled by default and must be explicitly enabled using --report-sync command line option.

vet scan -M /path/to/package-lock.json --report-sync \
  --report-sync-project my-project \
  --report-sync-project-version my-project-version

package-lock.json is used as an example manifest. vet supports a wide variety of package manifest and code analysis.

Configure GitHub Action

If you are using vet-action with GitHub, you can configure it to send issues and policy violations to SafeDep Cloud.

  1. Create a GitHub Action Secret to store the API key generated earlier and your tenant domain
  2. Update your vet-action workflow to enable cloud mode
[...]
  cloud: true
  cloud-key: ${{ secrets.SAFEDEP_CLOUD_API_KEY }}
  cloud-tenant: ${{ secrets.SAFEDEP_CLOUD_TENANT_DOMAIN }}
[...]

Query Aggregated Data

SafeDep cloud maintains a component oriented data model for all your projects, OSS components, vulnerabilities, security insights and policy violations. You can query this data to find exactly what you need.

SQL Query Interface

The vet cloud subcommand provides a generic SQL-like query interface that can be used to find what you need.

tip

You need to be authenticated with SafeDep cloud to execute queries.

vet cloud login --tenant <your-tenant-domain>

List projects synchronized with SafeDep Cloud

vet cloud query execute --sql "select projects.name, projects.version from projects"

Find critical vulnerabilities affecting a component in main branch

vet cloud query execute --sql \
  "
    select projects.name, packages.name, packages.version, vulnerabilities.cve_id from projects
      where projects.version = 'main' and vulnerabilities.risk = 'CRITICAL'
  "

Find components with policy violations in main branch

To learn more about policies, refer to policy as code

vet cloud query execute --sql \
  "
    select projects.name, packages.name, packages.version, policy_violations.rule_name from projects
      where projects.version = 'main'
  "

View schema to build your own queries

vet cloud query schema

Export Data

All vet cloud query commands support CSV export by default. To export results as CSV

vet cloud query execute \
  --csv results.csv \
  --sql "select projects.name, projects.version from projects"