Skip to main content
For SafeDep Cloud, refer to Cloud Quickstart
Learn how to use SafeDep vet to detect security risks and implement policy-based controls that help you avoid incorporating vulnerable or malicious open source dependencies into your projects.

​
Installation

brew tap safedep/tap
brew install safedep/tap/vet

docker run --rm -it ghcr.io/safedep/vet:latest version
Download a pre-built binary suitable for your OS at GitHub Releases
For additional installation options, refer to vet’s README.

​
Running Your First Scan

Scan a source code repository, auto-discovering well-known manifest files: 
vet scan -D /path/to/dir
vet scanning a directory

​
Other scanning options

vet scan -M package-lock.json

vet scan --purl pkg:npm/express@4.18.2

vet scan -M /path/to/my-app.jar

vet scan --image ghcr.io/safedep/vet:latest
For more information on scanning options, refer to vet’s README.

​
Policy as Code

vet supports CEL based policy language for identifying risks. Scan and fail on critical or high risk vulnerabilities: 
vet scan -D /path/to/dir \
  --filter '(vulns.critical.size() > 0) || (vulns.high.size() > 0)' \
  --filter-fail

​
Advanced Policy Configuration

Multiple CEL queries can be combined to create a comprehensive policy. See example. Audit your application using your opinionated policy as code: 
vet scan -D /path/to/dir \
  --filter-suite /path/to/policy.yml \
  --filter-fail

​
Setup CI/CD Guardrails

vet supports a native GitHub Action that can be used to easily setup policy-driven guardrails against risky OSS components. vet guardrails in GitHub

GitHub Integration

Setup vet with GitHub Actions and Code Scanning

GitLab Integration

Integrate vet with GitLab CI/CD pipelines

Policy Configuration

Learn advanced policy configuration with CEL

Cloud Platform

Scale across your organization with SafeDep Cloud

​
What’s Next?

Refer to vet GitHub Repository for the latest documentation on usage and advanced features.
⌘I