Vet is a free, open-source software composition analysis (SCA) scanner. It checks your open-source dependencies for malicious packages, known vulnerabilities, license issues, and weak project health, then lets you enforce policy on what it finds. Run it locally, in CI/CD, or against a whole repository.

What Vet does

Automated analysis

Replace manual dependency reviews with policy-driven analysis.

Policy as code

Define and version security policy with CEL.

CI/CD integration

Run in any CI tool or your local workflow.

Trusted data

Built on OSV, OpenSSF Scorecard, deps.dev, and SafeDep malware intelligence.

Get started

Vet Quickstart

Scan your first project in minutes.

Dependency Inventory

Generate an accurate dependency inventory.

Code Analysis

See how dependencies are actually used.

Dependency Usage

Prioritize findings by which dependencies your code actually uses.

Filtering & Policy

Query results and enforce policy with CEL.