Dependency Usage Identification through Code Analysis
vet can identify dependency usage in your code using static code analysis. This is useful when dealing with vulnerabilities, because you can prioritise only those dependencies you've actually used in your code.
Usage
Create a code analysis database with code context, including dependency usage evidence (enabled by default), for the source code in src/:
vet code scan --app src --db /tmp/dump/vet-test.db
Perform a vet scan, enriched with the dependency usage evidence from the code analysis database generated above:
vet scan --code /tmp/dump/vet-test.db
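
The idea of dependency usage evidence, as a simplified added example (this is not vet's implementation, database schema or output format): it walks Python source with the standard `ast` module, records where each top-level module is imported, and splits a list of vulnerable dependencies into used and unused. The source files, dependency names and advisory IDs are constructed placeholders, and dependencies are keyed by import name, which can differ from the package name.

```python
import ast

# Constructed sample: vulnerable dependencies keyed by import name (placeholder advisory IDs).
VULNERABLE_DEPS = {"requests": "ADVISORY-PLACEHOLDER-1", "yaml": "ADVISORY-PLACEHOLDER-2"}

# Constructed sample source files standing in for the contents of src/.
SAMPLE_SOURCES = {
    "src/app.py": "import os\nimport requests\n\ndef fetch(u):\n    return requests.get(u, timeout=5)\n",
    "src/util.py": "from json import loads\n# import yaml  (commented out, not a real import)\n",
}

def imported_modules(source):
    """Return {top_level_module: [line numbers]} for every absolute import in the source."""
    found = {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            names = [node.module]  # level > 0 is a relative import, i.e. first-party code
        else:
            continue
        for name in names:
            found.setdefault(name.split(".")[0], []).append(node.lineno)
    return found

def usage_evidence(sources):
    """Map each imported top-level module to a sorted list of (file, line) evidence."""
    evidence = {}
    for path, text in sources.items():
        for module, lines in imported_modules(text).items():
            evidence.setdefault(module, []).extend((path, n) for n in lines)
    return {m: sorted(e) for m, e in evidence.items()}

def prioritise(vulnerable, evidence):
    """Split vulnerable dependencies into used (with evidence) and unused."""
    used = {d: evidence[d] for d in vulnerable if d in evidence}
    unused = sorted(d for d in vulnerable if d not in evidence)
    return used, unused

if __name__ == "__main__":
    used, unused = prioritise(VULNERABLE_DEPS, usage_evidence(SAMPLE_SOURCES))
    for dep, where in used.items():
        print(f"USED   {dep} ({VULNERABLE_DEPS[dep]}): {where}")
    for dep in unused:
        print(f"UNUSED {dep} ({VULNERABLE_DEPS[dep]}): no import found")
```

Because the check parses the syntax tree rather than matching text, the commented-out `import yaml` is not counted as usage. An import is only evidence that the dependency is referenced, not that a vulnerable function is reached.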