> ## Documentation Index
> Fetch the complete documentation index at: https://docs.safedep.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Vet Quickstart

> Get started with Vet in under 5 minutes

<Info>
  For SafeDep Cloud, refer to [Cloud Quickstart](/governance/cloud/quickstart)
</Info>

Use [SafeDep Vet](https://github.com/safedep/vet) to detect security risks and apply policy-based controls that block vulnerable or malicious open source dependencies.

## Installation

<AccordionGroup>
  <Accordion icon="beer-mug" title="Homebrew (macOS/Linux)">
    ```bash theme={null}
    brew tap safedep/tap
    brew install safedep/tap/vet
    ```
  </Accordion>

  <Accordion icon="docker" title="Container Image">
    ```bash theme={null}
    docker run --rm -it ghcr.io/safedep/vet:latest version
    ```
  </Accordion>

  <Accordion icon="download" title="Pre-built Binary">
    Download a pre-built binary suitable for your OS at [GitHub Releases](https://github.com/safedep/vet/releases)
  </Accordion>
</AccordionGroup>

For additional installation options, see [Vet's README](https://github.com/safedep/vet).

## Running Your First Scan

Scan a source code repository, auto-discovering well-known manifest files:

```bash theme={null}
vet scan -D /path/to/dir
```

<img src="https://mintcdn.com/safedep/A0tSXvZ_XcagO9QB/images/vet/vet-scan-directory.png?fit=max&auto=format&n=A0tSXvZ_XcagO9QB&q=85&s=898ff1a8606eb9d1c309cb7b5c20a8c6" alt="vet scanning a directory" width="1832" height="1756" data-path="images/vet/vet-scan-directory.png" />

### Other scanning options

<AccordionGroup>
  <Accordion icon="file" title="Scan a single file">
    ```bash theme={null}
    vet scan -M package-lock.json
    ```
  </Accordion>

  <Accordion icon="link" title="Scan a PURL">
    ```bash theme={null}
    vet scan --purl pkg:npm/express@4.18.2
    ```
  </Accordion>

  <Accordion icon="java" title="Scan a Java JAR file">
    ```bash theme={null}
    vet scan -M /path/to/my-app.jar
    ```
  </Accordion>

  <Accordion icon="docker" title="Scan an OCI image">
    ```bash theme={null}
    vet scan --image ghcr.io/safedep/vet:latest
    ```
  </Accordion>
</AccordionGroup>

For more scanning options, see [Vet's README](https://github.com/safedep/vet).

## Policy as Code

`vet` supports a [CEL](https://cel.dev/)-based policy language for identifying risks. Scan and fail on critical or high vulnerabilities:

```bash theme={null}
vet scan -D /path/to/dir \
  --filter '(vulns.critical.size() > 0) || (vulns.high.size() > 0)' \
  --filter-fail
```

### Advanced Policy Configuration

Combine multiple CEL queries into a policy suite ([example](https://github.com/safedep/vet/blob/main/samples/filter-suites/fs-generic.yml)) and audit your application:

```bash theme={null}
vet scan -D /path/to/dir \
  --filter-suite /path/to/policy.yml \
  --filter-fail
```

## Setup CI/CD Guardrails

`vet` includes a native [GitHub Action](https://github.com/safedep/vet-action) for policy-driven guardrails against risky OSS components.

<img src="https://mintcdn.com/safedep/A0tSXvZ_XcagO9QB/images/vet-guardrails.png?fit=max&auto=format&n=A0tSXvZ_XcagO9QB&q=85&s=150f43463641243a1819a6e9b7d028c6" alt="vet guardrails in GitHub" width="1176" height="822" data-path="images/vet-guardrails.png" />

<CardGroup cols={2}>
  <Card title="GitHub Integration" icon="github" href="/governance/integrations/github-code-scanning">
    Setup Vet with GitHub Actions and Code Scanning
  </Card>

  <Card title="GitLab Integration" icon="gitlab" href="/governance/integrations/gitlab">
    Integrate Vet with GitLab CI/CD pipelines
  </Card>

  <Card title="Policy Configuration" icon="shield-check" href="/reference/policy-as-code">
    Learn advanced policy configuration with CEL
  </Card>

  <Card title="Cloud Platform" icon="cloud" href="/governance/cloud/quickstart">
    Scale across your organization with SafeDep Cloud
  </Card>
</CardGroup>

## What's Next?

* See the [Vet GitHub Repository](https://github.com/safedep/vet) for the latest documentation on usage and advanced features.

* For `vet`'s complete commands, sub-commands, flags, and usage documentation, see the [Vet CLI Reference Manual](https://safedep.github.io/vet).