🚀 Quick Start
For SafeDep Cloud, refer to Cloud Quickstart
Get started with vet for identifying risky open source components used in your application. Establish policy driven guardrails to prevent introducing risky open source components in your application.
Installation
Use homebrew
brew tap safedep/tap
brew install safedep/tap/vet
Use Container Image
docker run --rm -it ghcr.io/safedep/vet:latest version
Binary
Download a pre-built binary suitable for your OS at GitHub Releases
Other
For a list of supported installation options, refer to vet's README
Running a Scan
Scan a directory, auto-discovering well known manifest files
vet scan -D /path/to/dir
Policy as Code
vet supports CEL based policy language for identifying risks. Scan and fail on critical or high risk vulnerabilities
vet scan -D /path/to/dir \
--filter '(vulns.critical.size() > 0) || (vulns.high.size() > 0)' \
--filter-fail
Multiple CEL queries can be combined to create a policy. See example. Audit your application using your opinionated policy as code
vet scan -D /path/to/dir \
--filter-suite /path/to/policy.yml \
--filter-fail
Setup Guardrails in CI/CD
vet supports a native GitHub Action that can be used to easily setup a policy driven guardrail against risky OSS components. Refer to vet-action on setting up pull request integration for GitHub.
Whats Next?
Refer to vet GitHub Repository for latest documentation on usage.