Every source needs SafeDep Cloud credentials: a tenant domain and an API key. New to Cloud? Start with the quickstart.
This page covers
vet scan sync in full. PMG and endpoint inventory sync have their own setup guides, summarized below.
Sync vet scan results
vet scan --report-sync uploads scan results to your tenant, grouped by project and version.
Prerequisites
vet needs SafeDep Cloud credentials before it can sync. The fastest path is the guided setup, which walks through account, tenant, and credentials in one command:
Already onboarded? See the authentication guide to configure vet with an existing tenant and API key.
Sync a scan
--report-sync-project: project identifier. Use a consistent convention, like the repository path (github.com/org/repo), so names stay unique across teams.--report-sync-project-version: project version, typically a branch, tag, or commit
The examples use
package-lock.json, but vet supports many package manifest formats and code analysis.Separate environments
The version field also separates environments. Sync the same project asproduction, staging, or a feature branch name, then compare them side by side in SafeDep Cloud:
Enforce policy while syncing
Sync and policy enforcement run in the same scan. Add a policy suite and--filter-fail to gate the pipeline while results still sync to your tenant:
--policy-suite takes a v2 policy file (see the example in the vet repository); --filter-fail exits non-zero on a violation. The older --filter-suite format is documented in the policy reference.
Sync from GitHub Actions
vet-action syncs automatically when its cloud inputs are set. AddSAFEDEP_CLOUD_API_KEY and SAFEDEP_CLOUD_TENANT_DOMAIN as GitHub Actions secrets, then enable cloud sync in your workflow:
${{ github.repository }} and the version is ${{ github.ref_name }}.
Sync from other CI systems
The pattern is the same on any CI system: provideSAFEDEP_API_KEY and SAFEDEP_TENANT_ID as environment variables and run vet scan with the --report-sync flags. See CI/CD & Platform Integrations for the full GitLab and Bitbucket guides.
- GitLab CI
- Jenkins
- Azure DevOps
What gets synced
Package information
Package information
- Discovered packages and versions
- Dependency relationships and metadata
- Package manifest locations and types
Security findings
Security findings
- Vulnerability information and severity levels
- OpenSSF Scorecard metrics
- License compliance data
- Malware analysis results (if enabled)
Policy violations
Policy violations
- Policy rule violations and details
- Exception applications and status
Project context
Project context
- Project identification and versioning
- Scan timestamps and environment info
- Git commit information (when available)
Sync package events from PMG
PMG intercepts package manager commands on the endpoint and records each install as an event. With cloud sync enabled, PMG drains its local event log to your tenant automatically after each invocation, andpmg cloud sync pushes events immediately.
Setup, login, and auto-sync tuning live on the Package Guard page:
Package Guard
Enable PMG cloud sync and view package events in Endpoint Hub
Sync AI tool inventory
vet endpoint scan discovers AI tooling on a machine (coding agents, MCP servers, CLI tools, IDE extensions, Agent Skills) and delivers the inventory to your tenant when vet has credentials configured.
Endpoint Inventory
Enable inventory sync and browse discovered AI tooling in Endpoint Hub
Query synced data
Once data lands in your tenant, query it withsafedep query exec or the web console. The quickstart has a worked example, and the SQL query guide covers the full schema, join model, and queries across vulnerabilities, licenses, malware findings, and endpoint events.
Troubleshooting
Sync failures
Sync failures
- Verify the API key and tenant configuration (
vet auth verify) - Check network connectivity to SafeDep Cloud
- Ensure project names don’t contain invalid characters
Missing data
Missing data
- Confirm
--report-syncand the project flags are set - Check that the scan completed successfully
- Verify the project name and version identifiers match what you expect
Authentication issues
Authentication issues
- Verify the API key has sync permissions
- Check the tenant domain configuration
- Confirm credentials are set correctly in your CI/CD environment
Cloud Quickstart
Set up the safedep CLI and run your first query
Authentication Guide
SafeDep Cloud authentication methods
Endpoint Hub
AI tooling and package activity across your endpoints
vet-action Documentation
Complete GitHub Actions integration guide

