For SafeDep Cloud, refer to Cloud Quickstart

Learn how to use SafeDep vet to detect security risks and implement policy-based controls that help you avoid incorporating vulnerable or malicious open source dependencies into your projects.

Installation

For additional installation options, refer to vet’s README.

Running Your First Scan

Scan a source code repository, auto-discovering well-known manifest files:

vet scan -D /path/to/dir

Other scanning options

For more information on scanning options, refer to vet’s README.

Policy as Code

vet supports a CEL (Common Expression Language) based policy language for identifying risks. The example below scans a directory and fails when any dependency has a critical or high severity vulnerability; with `--filter-fail`, vet exits with a non-zero status when a package matches the filter, so the same command can gate a CI job:

vet scan -D /path/to/dir \
  --filter '(vulns.critical.size() > 0) || (vulns.high.size() > 0)' \
  --filter-fail

Advanced Policy Configuration

Multiple CEL queries can be combined into a filter suite to create a comprehensive policy (see the sample filter suites in the vet repository). Audit your application using your own opinionated policy as code:

vet scan -D /path/to/dir \
  --filter-suite /path/to/policy.yml \
  --filter-fail
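As an added illustration of the `policy.yml` referenced above (not a file shipped by the vet project), here is a filter suite that combines several CEL queries. The `name` / `description` / `filters[].name` / `filters[].value` layout follows the sample filter suites in the vet repository as this editor recalls them, and the `scorecard`, `projects` and `licenses` attributes are assumptions to verify against the current vet documentation; only `vulns.critical` and `vulns.high` appear on this page.

```yaml
# Assumed filter-suite layout; verify field names against the vet repository samples.
name: Baseline OSS consumption policy
description: |
  Block risky open source components before they land in the repository.
  Every filter is an independent CEL expression evaluated per package;
  with --filter-fail, any match makes vet exit non-zero.
filters:
  # Attributes shown on this page: vulns.critical / vulns.high
  - name: critical-or-high-vulnerability
    value: |
      (vulns.critical.size() > 0) || (vulns.high.size() > 0)

  # Assumed attribute: OpenSSF Scorecard "Maintained" check (0-10)
  - name: unmaintained-project
    value: |
      scorecard.scores.Maintained < 5

  # Assumed attribute: source project metadata (star count as a popularity proxy)
  - name: low-popularity-project
    value: |
      projects.exists(p, p.stars < 10)

  # Assumed attribute: detected SPDX license identifiers
  - name: copyleft-license
    value: |
      licenses.exists(l, l == "GPL-2.0" || l == "GPL-3.0" || l == "AGPL-3.0")
```

Keep the suite in version control next to the code it protects (for example under `.github/vet/`), so that changes to the policy go through the same review as changes to the dependencies it governs, and start with the vulnerability filter alone before tightening the others, since popularity and maintenance thresholds will flag legitimate internal or niche packages until tuned.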

Setup CI/CD Guardrails

vet supports a native GitHub Action that can be used to easily set up policy-driven guardrails against risky OSS components: the action runs vet against the repository on every pull request and fails the check when a dependency matches the policy.
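As an added example (not a workflow taken from the vet project), the following GitHub Actions workflow wires the policy file from the previous section into a pull request check. The action name `safedep/vet-action@v1`, its `policy` input and the path `.github/vet/policy.yml` are assumptions to confirm against the action's own README; the `permissions` block is deliberately minimal so the workflow token cannot write to the repository.

```yaml
# Assumed action name, version and input names; confirm against the action README.
name: OSS Guardrails

on:
  pull_request:
    branches: [main]

# Least privilege: the job only needs to read code and post check results.
permissions:
  contents: read
  pull-requests: write

jobs:
  vet:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4

      - name: Enforce OSS policy with vet
        uses: safedep/vet-action@v1
        with:
          # Filter suite kept in the repository (assumed path)
          policy: .github/vet/policy.yml
```

Pin the action and `actions/checkout` to a full commit SHA rather than a mutable tag once the workflow is stable; a guardrail that pulls an unpinned third-party action is itself a supply-chain exposure.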


What’s Next?

Refer to the vet GitHub repository for the latest documentation on usage and advanced features.