> ## Documentation Index > Fetch the complete documentation index at: https://docs.safedep.io/llms.txt > Use this file to discover all available pages before exploring further. # Cloud Sync > Synchronize Vet scan data and policy violations with SafeDep Cloud for centralized analysis, query and reporting This page covers syncing `vet scan` results from CI/CD pipelines to SafeDep Cloud using `--report-sync`. To sync AI tool inventory from developer machines or agents, see [Inventory Sync](/governance/cloud/endpoint-hub/inventory). ## Sync Methods Direct integration using command-line interface GitHub Actions workflow integration ## Using Vet CLI ### Prerequisites Configure `vet` to authenticate with SafeDep Cloud before using `--report-sync`. See the [quickstart guide](/governance/cloud/quickstart) for onboarding and authentication setup. The `--report-sync` flag enables data synchronization to SafeDep Cloud. ### Basic Synchronization Sync scan results with project identification: ```bash theme={null} vet scan -M /path/to/package-lock.json --report-sync \ --report-sync-project my-project \ --report-sync-project-version my-project-version ``` ### Parameters * `--report-sync-project`: Project identifier (typically repository name) * `--report-sync-project-version`: Project version (branch, tag, or commit) ### Directory Scanning with Sync Scan entire repositories and sync results: ```bash theme={null} vet scan -D /path/to/repository \ --report-sync \ --report-sync-project github.com/org/repo \ --report-sync-project-version main ``` ### Multiple Manifest Sync Sync results from scanning multiple manifest files: ```bash theme={null} vet scan -D /path/to/monorepo \ --report-sync \ --report-sync-project monorepo-backend \ --report-sync-project-version v2.1.0 ``` ## Advanced Sync Configurations ### Environment-Based Sync Differentiate between environments using project versions: ```bash theme={null} vet scan -D . \ --report-sync \ --report-sync-project myapp \ --report-sync-project-version production ``` ```bash theme={null} vet scan -D . \ --report-sync \ --report-sync-project myapp \ --report-sync-project-version staging ``` ```bash theme={null} vet scan -D . \ --report-sync \ --report-sync-project myapp \ --report-sync-project-version feature-branch ``` ### Conditional Sync with Policies Sync only when policy violations are found: ```bash theme={null} vet scan -D . \ --filter-suite security-policy.yml \ --filter-fail \ --report-sync \ --report-sync-project critical-app \ --report-sync-project-version main ``` ### Batch Processing Sync multiple projects in a script: ```bash theme={null} #!/bin/bash for project in project-a project-b project-c; do vet scan -D "/path/to/$project" \ --report-sync \ --report-sync-project "$project" \ --report-sync-project-version "$(git -C /path/to/$project rev-parse --abbrev-ref HEAD)" done ``` ## GitHub Actions Integration ### Basic vet-action Configuration Enable cloud sync in your GitHub workflow: ```yaml theme={null} name: Security Scan and Sync on: push: branches: [ main, develop ] pull_request: branches: [ main ] jobs: security-scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Run vet with cloud sync uses: safedep/vet-action@v1 with: cloud: true cloud-key: ${{ secrets.SAFEDEP_CLOUD_API_KEY }} cloud-tenant: ${{ secrets.SAFEDEP_CLOUD_TENANT_DOMAIN }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ``` ### Advanced GitHub Actions Configuration ```yaml theme={null} name: Comprehensive Security Analysis on: push: branches: [ main ] pull_request: branches: [ main ] schedule: - cron: '0 2 * * 1' # Weekly scan jobs: security-analysis: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Run security scan with sync uses: safedep/vet-action@v1 with: cloud: true cloud-key: ${{ secrets.SAFEDEP_CLOUD_API_KEY }} cloud-tenant: ${{ secrets.SAFEDEP_CLOUD_TENANT_DOMAIN }} policy: '.github/vet/policy.yml' paranoid: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload scan artifacts uses: actions/upload-artifact@v4 if: always() with: name: security-scan-results path: | *.json *.sarif ``` ### Project Identification vet-action automatically sets project identification from repository information: * **Project Name**: `${{ github.repository }}` (e.g., `org/repo`) * **Project Version**: `${{ github.ref_name }}` (branch or tag name) ## CI/CD Platform Integration ### GitLab CI ```yaml theme={null} stages: - security security-scan: stage: security image: ghcr.io/safedep/vet:latest script: - vet scan -D . --report-sync --report-sync-project $CI_PROJECT_PATH --report-sync-project-version $CI_COMMIT_REF_NAME variables: SAFEDEP_API_KEY: $SAFEDEP_API_KEY SAFEDEP_TENANT_ID: $SAFEDEP_TENANT_ID only: - main - develop - merge_requests ``` ### Jenkins Pipeline ```groovy theme={null} pipeline { agent any environment { SAFEDEP_API_KEY = credentials('safedep-api-key') SAFEDEP_TENANT_ID = credentials('safedep-tenant-id') } stages { stage('Security Scan') { steps { sh """ vet scan -D . \ --report-sync \ --report-sync-project ${env.JOB_NAME} \ --report-sync-project-version ${env.BRANCH_NAME} """ } } } } ``` ### Azure DevOps ```yaml theme={null} trigger: branches: include: - main - develop variables: - group: safedep-credentials jobs: - job: SecurityScan displayName: 'Security Scan and Sync' pool: vmImage: 'ubuntu-latest' steps: - script: | vet scan -D . \ --report-sync \ --report-sync-project $(Build.Repository.Name) \ --report-sync-project-version $(Build.SourceBranchName) displayName: 'Run vet security scan' env: SAFEDEP_API_KEY: $(safedep-api-key) SAFEDEP_TENANT_ID: $(safedep-tenant-id) ``` ## Data Synchronization Details ### What Gets Synced * All discovered packages and versions * Dependency relationships and metadata * Package manifest locations and types * Vulnerability information and severity levels * OpenSSF Scorecard metrics * License compliance data * Malware analysis results (if enabled) * Policy rule violations and details * Filter expression results * Exception applications and status * Project identification and versioning * Scan timestamps and environment info * Git commit information (when available) ### Sync Frequency * **On-demand**: Manual scans using the CLI * **CI/CD triggered**: Automated scans on code changes * **Scheduled**: Regular scans via cron or scheduled workflows * **Event-driven**: Scans triggered by specific events ## Querying Synced Data Once data is synced to SafeDep Cloud, query it with the `safedep` CLI: ```bash theme={null} safedep query exec --sql " SELECT projects.name FROM projects WHERE projects.origin_source = 'SOURCE_GITHUB' ORDER BY projects.name" ``` See the [SafeDep Cloud SQL guide](/reference/sql-query) for the full schema, the join model, and worked examples covering vulnerabilities, licenses, malware findings, and endpoint events. ## Best Practices Use consistent naming: * Include the organization: `org/project-name` * Use repository URLs for uniqueness across teams Use meaningful version identifiers: * Branch names for development branches * Semantic versions for releases * Environment identifiers (prod, staging, dev) * Sync on every commit to the main branch * Include pull request scans for early detection * Add scheduled scans to catch drift between commits ## Troubleshooting * Verify the API key and tenant configuration * Check network connectivity to SafeDep Cloud * Ensure project names don't contain invalid characters * Confirm `--report-sync` and the project flags are set * Check that the scan completed successfully * Verify the project name and version identifiers match what you expect * Verify the API key has sync permissions * Check the tenant domain configuration * Confirm credentials are set correctly in your CI/CD environment Get started with SafeDep Cloud authentication and setup Complete GitHub Actions integration guide Learn how to query synced data in SafeDep Cloud Understand SafeDep Cloud authentication methods