Quick Start

SafeDep Cloud provides a control and data aggregation service on top of security tools like vet. Refer to SafeDep Cloud for more information.

SafeDep Cloud allows vet users to connect and optionally report vet's findings to a central location (SafeDep Cloud). Users of the service can then perform tasks such as:

  1. Query by risks
  2. Observe policy violations generated by vet
  3. Manage, test and deploy policies across all instances of vet
  4. Use Malware Analysis

The process involves the following steps:

  1. Onboard to SafeDep Cloud
  2. Generate an API key for use with vet
  3. Configure vet to sync its findings to SafeDep Cloud
  4. Query consolidated data from all vet deployments

Onboard to SafeDep Cloud using vet

The easiest way for vet users to onboard to SafeDep Cloud is the vet cloud quickstart command. To use it:

  1. You must have vet installed
  2. Run vet cloud quickstart

https://www.youtube.com/watch?v=ykSiP547xuA

Onboard to SafeDep Cloud using Web

Navigate to https://platform.safedep.io/ to onboard to SafeDep Cloud. You must perform the following steps

  1. Navigate to https://platform.safedep.io/
  2. Sign-in or Sign-up
  3. Onboard and create your Tenant while noting the Tenant Domain
  4. Create API key for use with vet

After completing onboarding, you should have the following information for use with vet

  1. Tenant Domain
  2. API Key

vet with SafeDep Cloud

Info: This step is not required if you have onboarded using the vet cloud quickstart command.

The instructions in this section assume you have already onboarded into SafeDep Cloud and have access to:

  1. Tenant Domain
  2. API Key

Once this information is available, configure vet to use SafeDep Cloud services:

vet auth configure --tenant <tenant-domain>

Note: You will be prompted to enter the API key.

Verify Authentication

Verify that your vet instance is configured to authenticate with SafeDep Cloud

vet auth verify

Send Data to SafeDep Cloud

vet has first-class integration with SafeDep Cloud. The sync reporting module synchronizes vet's findings with SafeDep Cloud. This integration is disabled by default and must be explicitly enabled using the --report-sync command line option.

vet scan -M /path/to/package-lock.json --report-sync \
--report-sync-project my-project \
--report-sync-project-version my-project-version

package-lock.json is used as an example manifest. vet supports a wide variety of package manifests and code analysis.

Configure GitHub Action

If you are using vet-action with GitHub, you can configure it to send issues and policy violations to SafeDep Cloud.

  1. Create GitHub Action Secrets to store the API key generated earlier and your tenant domain (the workflow snippet below reads them as SAFEDEP_CLOUD_API_KEY and SAFEDEP_CLOUD_TENANT_DOMAIN)
  2. Update your vet-action workflow to enable cloud mode
[...]
cloud: true
cloud-key: ${{ secrets.SAFEDEP_CLOUD_API_KEY }}
cloud-tenant: ${{ secrets.SAFEDEP_CLOUD_TENANT_DOMAIN }}
[...]

Query Aggregated Data

SafeDep Cloud maintains a component-oriented data model for all your projects, OSS components, vulnerabilities, security insights and policy violations. You can query this data to find exactly what you need.

SQL Query Interface

The vet cloud subcommand provides a generic SQL-like query interface that can be used to find what you need.

Tip: You need to be authenticated with SafeDep Cloud to execute queries.

vet cloud login --tenant <your-tenant-domain>

List projects synchronized with SafeDep Cloud

vet cloud query execute --sql "select projects.name, projects.version from projects"

Find critical vulnerabilities affecting a component in main branch

vet cloud query execute --sql \
"
select projects.name, packages.name, packages.version, vulnerabilities.cve_id from projects
where projects.version = 'main' and vulnerabilities.risk = 'CRITICAL'
"

Find components with policy violations in main branch

To learn more about policies, refer to policy as code

vet cloud query execute --sql \
"
select projects.name, packages.name, packages.version, policy_violations.rule_name from projects
where projects.version = 'main'
"

View schema to build your own queries

vet cloud query schema

Export Data

All vet cloud query commands support CSV export by default. To export results as CSV:

vet cloud query execute \
--csv results.csv \
--sql "select projects.name, projects.version from projects"
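
An added example, not part of the SafeDep documentation: a Python script that turns a CSV export of the critical-vulnerability query shown earlier into a per-component summary and an exit code usable as a CI gate. It assumes the export has a header row and keeps columns in the order of the select list; the function names, the sample rows and the placeholder CVE ids are constructed.

```python
import csv
import io
import sys
from collections import defaultdict

# Column order of the select list in the critical-vulnerability query:
# projects.name, packages.name, packages.version, vulnerabilities.cve_id
N_COLUMNS = 4

# Constructed sample export (placeholder names and CVE ids, not real data).
SAMPLE_CSV = """\
projects.name,packages.name,packages.version,vulnerabilities.cve_id
my-project,example-lib,1.2.3,CVE-0000-0001
my-project,example-lib,1.2.3,CVE-0000-0002
my-project,other-lib,0.9.0,CVE-0000-0001
second-project,example-lib,1.2.3,CVE-0000-0001
"""


def summarize(stream, has_header=True):
    """Group CVE ids by (project, package, version), dropping duplicate rows."""
    reader = csv.reader(stream)
    if has_header:
        next(reader, None)  # assumption: the first row holds column names
    findings = defaultdict(set)
    for row in reader:
        if len(row) < N_COLUMNS or not row[3].strip():
            continue  # blank or short line, or no CVE id: nothing to report
        project, package, version, cve = (c.strip() for c in row[:N_COLUMNS])
        findings[(project, package, version)].add(cve)
    return {key: sorted(cves) for key, cves in findings.items()}


def gate(findings, allowed=frozenset()):
    """Return a process exit code: 1 if any CVE is outside the accepted set."""
    open_cves = {c for cves in findings.values() for c in cves} - set(allowed)
    return 1 if open_cves else 0


if __name__ == "__main__":
    # Usage: python gate.py results.csv   (no argument: run on the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], newline="") as fh:
            result = summarize(fh)
    else:
        result = summarize(io.StringIO(SAMPLE_CSV))
    for (project, package, version), cves in sorted(result.items()):
        print(f"{project}: {package}@{version} -> {', '.join(cves)}")
    sys.exit(gate(result))
```

The allowed set is where risk-accepted CVE ids go, so the gate fails only on findings nobody has triaged.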