vet supports native GitLab Dependency Scanning. You can use vet to protect your project from malicious and vulnerable dependencies on every push and merge request to GitLab.
Prerequisites
GitLab Account
Active GitLab account with access to your project
Ultimate Plan
GitLab Group with Ultimate Plan for security scanning features
Security scanning features are only available on GitLab Ultimate plans. Free users can still use the vet CI component to find vulnerabilities and check policy violations. See the demo video for free usage.
Quick Setup
1. Enable CI on Your Project
Create a .gitlab-ci.yml file in the root of your project:
2. Add vet as a CI Component
Add the following to your .gitlab-ci.yml file:
Viewing Results
Once configured, you’ll see the vet job in your pipeline with a security tab:
Configuration Options
Cloud Sync Integration
Enable SafeDep Cloud synchronization:
Store CLOUD_KEY and CLOUD_TENANT as GitLab CI/CD variables for security.
Policy Configuration
Use custom policies for advanced filtering:
Version Control
Specify which version of vet to use:
Trusted Registries
Configure trusted registry URLs for package verification:
Artifact Access
Control who can access scan artifacts:
Only use all if you’re comfortable exposing security scan results publicly.
Advanced Examples
Multi-Stage Pipeline
Conditional Scanning
Troubleshooting
Security Tab Not Visible
Ensure your GitLab plan includes security scanning features. The Ultimate plan is required for the security dashboard.
CI Component Not Found
Verify you’re using the correct component path and version. Check the GitLab Component Catalog for the latest version.
Policy Violations Failing Build
This is expected behavior when violations are found. Review the job logs to understand which policies were violated and either fix the issues or adjust your policy configuration.