
🚀 Quick Start

Info: For SafeDep Cloud, refer to the Cloud Quickstart.

Get started with vet to identify risky open source components used in your application, and establish policy-driven guardrails that prevent new risky components from being introduced.

Installation

Use Homebrew

brew tap safedep/tap
brew install safedep/tap/vet

Use Container Image

docker run --rm -it ghcr.io/safedep/vet:latest version

Binary

Download a pre-built binary suitable for your OS from GitHub Releases.

Other

For the full list of supported installation options, refer to vet's README.

Running a Scan

Scan a directory, auto-discovering well-known manifest files:

vet scan -D /path/to/dir

Policy as Code

vet supports a CEL based policy language for identifying risks. For example, scan and fail the run when any critical or high severity vulnerability is found:

vet scan -D /path/to/dir \
--filter '(vulns.critical.size() > 0) || (vulns.high.size() > 0)' \
--filter-fail

Multiple CEL queries can be combined into a policy (see example). Audit your application using your own opinionated policy as code:

vet scan -D /path/to/dir \
--filter-suite /path/to/policy.yml \
--filter-fail
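A policy suite that combines several CEL rules, written here as an added example rather than vet's own sample file. The suite layout (name, description and a filters list of name/value entries) and the attributes queried in the expressions (vulns, scorecard.scores, projects, licenses) are assumptions about vet's filter-suite format; verify them against the linked example and vet's README before relying on the file.

```yaml
# policy.yml: added example, not vet's own sample; the suite layout and the
# attribute names are assumed (check against vet's README and the linked example).
name: Opinionated OSS Guardrails
description: |
  Fail the scan when a dependency carries a critical or high severity
  vulnerability, is poorly maintained, has very low popularity, or is
  published under a license the organisation does not accept.
filters:
  # Same expression as the inline --filter above, now one rule among several
  - name: critical-or-high-vulns
    value: |
      (vulns.critical.size() > 0) || (vulns.high.size() > 0)
  # OpenSSF Scorecard "Maintained" check scoring below 5 out of 10 (assumed attribute)
  - name: unmaintained-project
    value: |
      scorecard.scores.Maintained < 5
  # Source project with fewer than 10 GitHub stars (assumed attribute)
  - name: low-popularity
    value: |
      projects.exists(p, p.stars < 10)
  # Copyleft licenses this policy disallows (assumed attribute)
  - name: disallowed-licenses
    value: |
      licenses.exists(p, p == "GPL-2.0" || p == "GPL-3.0" || p == "AGPL-3.0")
```

Run it with vet scan -D /path/to/dir --filter-suite policy.yml --filter-fail. Each rule is evaluated independently, and with --filter-fail the command exits non-zero as soon as any rule matches, which is what turns the suite into a CI gate.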

Setup Guardrails in CI/CD

vet provides a native GitHub Action that sets up a policy-driven guardrail against risky OSS components with little effort. Refer to vet-action for setting up the pull request integration on GitHub.
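A minimal workflow that runs vet on every pull request, shown as an added example and not taken from vet-action's documentation. The action version tag, the policy input name and the permissions block are assumptions to verify against the vet-action README; the policy file path is whatever location you choose in your repository.

```yaml
# .github/workflows/vet.yml: added example, not from vet-action's docs.
# The action version, the `policy` input and the permissions are assumptions.
name: vet OSS guardrail

on:
  pull_request:
    branches: [main]

permissions:
  contents: read          # needed to check out the repository
  pull-requests: write    # assumed: lets the action report findings on the PR

jobs:
  vet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run vet against the repository policy
        uses: safedep/vet-action@v1        # version tag assumed
        with:
          policy: .github/vet/policy.yml   # assumed input name; path is your choice
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

The job fails whenever a rule in the policy matches, so a pull request that introduces a component violating the policy cannot be merged until the finding is fixed or the rule is revised.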

What's Next?

Refer to the vet GitHub Repository for the latest usage documentation.