
Quick Start

Info: SafeDep Cloud provides a control and data aggregation service on top of security tools like vet. Refer to SafeDep Cloud for more information.

SafeDep Cloud lets vet users connect and report their findings to a central location (SafeDep Cloud). Users of the service can then perform tasks such as:

  1. Query by risks
  2. Observe policy violations generated by vet
  3. Manage, test and deploy policies across all instances of vet

The process involves the following steps:

  1. Onboard to SafeDep Cloud
  2. Generate an API key for use with vet
  3. Configure vet to sync its findings to SafeDep Cloud
  4. Query consolidated data from all vet deployments

Tip: The vet tool is extended with cloud management functionality. All cloud management commands live under the vet cloud subcommand. Not all users of vet need the cloud functionality; it is meant only for administrative and management operations.

Onboard to SafeDep Cloud

Follow the steps below to onboard to SafeDep Cloud. This is required only for administrators who want to configure vet to synchronize data and policies with SafeDep Cloud. It is not required for independent use of vet.

1. Install vet

Start by installing vet if you don't already have it installed. Ensure you are using a version that supports the cloud subcommand.

2. Log in to SafeDep Cloud

vet cloud login

Info: If you sign up using email and password, you will be required to verify your email address before you can authenticate.

Once you have registered, verify that you are authenticated to SafeDep Cloud.

3. Onboard your Organization

Create an organization that will group (isolate) all your projects, policies and data:

vet cloud register --name "John Doe" \
--org-name "Organization Name" \
--org-domain example.com

On successful onboarding, you will receive your SafeDep Cloud tenant domain, e.g. default-team.example-com.safedep.io. vet configures this domain on your local system automatically. Note this domain down for use in CI/CD. You will also receive an email with the required details.

4. Verify Onboarding

vet cloud whoami

This should list your registered user and your organization on SafeDep Cloud.

5. Create API Key for vet Integration

Generate an API key for use with vet for syncing report data to SafeDep Cloud:

vet cloud key create --name "Key Name" --description "Key description"

Configure vet with SafeDep Cloud

Once the API key is generated, configure vet with your tenant domain:

vet auth configure --tenant <tenant-domain>

Send Data to SafeDep Cloud

vet scan -M /path/to/package-lock.json --report-sync \
--report-sync-project my-project \
--report-sync-project-version my-project-version

package-lock.json is used here as an example manifest. vet supports a wide variety of package manifests as well as code analysis.

Configure GitHub Action

If you are using vet-action with GitHub, you can configure it to send issues and policy violations to SafeDep Cloud.

  1. Create a GitHub Action secret to store the API key generated earlier and your tenant domain.
  2. Update your vet-action workflow to enable cloud mode:

[...]
cloud: true
cloud-key: ${{ secrets.SAFEDEP_CLOUD_API_KEY }}
cloud-tenant: ${{ secrets.SAFEDEP_CLOUD_TENANT_DOMAIN }}
[...]

Query Aggregated Data

SafeDep Cloud maintains a component-oriented data model for all your projects, OSS components, vulnerabilities, security insights and policy violations. You can query this data to find exactly what you need.

SQL Query Interface

The vet cloud subcommand provides a generic SQL-like query interface that can be used to find what you need.

Tip: You need to be authenticated with SafeDep Cloud to execute queries.

vet cloud login --tenant <your-tenant-domain>

List projects synchronized with SafeDep Cloud

vet cloud query execute --sql "select projects.name, projects.version from projects"

Find critical vulnerabilities affecting a component in the main branch

vet cloud query execute --sql \
"
select projects.name, packages.name, packages.version, vulnerabilities.cve_id from projects
where projects.version = 'main' and vulnerabilities.risk = 'CRITICAL'
"

Find components with policy violations in the main branch

To learn more about policies, refer to policy as code.

vet cloud query execute --sql \
"
select projects.name, packages.name, packages.version, policy_violations.rule_name from projects
where projects.version = 'main'
"

View schema to build your own queries

vet cloud query schema

Export Data

All vet cloud query commands support CSV export. To export results as CSV:

vet cloud query execute \
--csv results.csv \
--sql "select projects.name, projects.version from projects"
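The critical-vulnerability query and the CSV export above can be combined into a CI gate. The script below is an added example, not part of the SafeDep documentation or the vet project: it runs the page's query with --csv when vet is installed (otherwise it falls back to a constructed sample export), counts CRITICAL findings per project, lists packages that carry more than one CVE, and fails when any finding exists. The CSV layout (a header row naming the selected fields, values without commas), the RUN_DEMO variable and the sample values are assumptions.

```shell
#!/usr/bin/env sh
# Added example: a CI gate built on "vet cloud query execute --csv".
# Not from the SafeDep docs or the vet project. Assumptions (not stated on
# the page): the exported CSV starts with a header row whose column names are
# the selected fields, in order, and values contain no commas.

# The page's query for CRITICAL vulnerabilities on the main branch.
QUERY="select projects.name, packages.name, packages.version, vulnerabilities.cve_id from projects
where projects.version = 'main' and vulnerabilities.risk = 'CRITICAL'"

# Export the query result to the CSV path in $1 (page command, unchanged).
export_critical_csv() {
  vet cloud query execute --csv "${1:?csv path}" --sql "$QUERY"
}

# Constructed sample export used when vet is unavailable (all values made up).
write_sample_csv() {
  cat > "${1:?csv path}" <<'EOF'
projects.name,packages.name,packages.version,vulnerabilities.cve_id
payments-api,lodash,4.17.15,CVE-EXAMPLE-0001
payments-api,lodash,4.17.15,CVE-EXAMPLE-0002
payments-api,minimist,1.2.0,CVE-EXAMPLE-0003
web-frontend,node-forge,0.9.0,CVE-EXAMPLE-0004
EOF
}

# Print "<count> <project>" per project, highest count first (ties by name).
critical_counts() {
  awk -F',' 'NR > 1 && NF >= 4 { sub(/\r$/, ""); n[$1]++ }
             END { for (p in n) printf "%d %s\n", n[p], p }' "${1:?csv path}" |
    sort -k1,1nr -k2,2
}

# Print "<cves> <project> <package> <version>" for packages carrying more than
# one CRITICAL CVE: upgrading these removes several findings at once.
multi_cve_packages() {
  awk -F',' 'NR > 1 && NF >= 4 { sub(/\r$/, ""); k = $1 " " $2 " " $3; n[k]++ }
             END { for (k in n) if (n[k] > 1) printf "%d %s\n", n[k], k }' "${1:?csv path}" |
    sort -k1,1nr -k2
}

# Succeed only when the export has no data rows, i.e. nothing CRITICAL on main.
gate() {
  [ "$(awk 'NR > 1 && NF { c++ } END { print c + 0 }' "${1:?csv path}")" -eq 0 ]
}

main() {
  csv="${1:-${TMPDIR:-/tmp}/critical-main.csv}"
  if command -v vet >/dev/null 2>&1; then
    export_critical_csv "$csv" || return 1
  else
    echo "vet not found; using constructed sample export" >&2
    write_sample_csv "$csv"
  fi
  echo "CRITICAL vulnerabilities per project on main:"
  critical_counts "$csv"
  echo "Packages with more than one CRITICAL CVE:"
  multi_cve_packages "$csv"
  if gate "$csv"; then
    echo "OK: no CRITICAL vulnerabilities on main"
  else
    echo "FAIL: CRITICAL vulnerabilities present, see $csv" >&2
    return 1
  fi
}

# Run the demo only when asked, so the functions can also be sourced from CI scripts.
if [ "${RUN_DEMO:-0}" = 1 ]; then main "$@"; fi
```

Run it with `RUN_DEMO=1 sh critical_gate.sh [output.csv]`; in a pipeline, a non-zero exit from `gate` fails the job while the CSV stays behind as the artifact to review. Because results are keyed on the exported column order rather than on any vet-specific output format, the same functions work for other `vet cloud query execute --csv` exports whose first columns are project and package.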