vet
🙌 Refer to https://safedep.io/docs for the documentation 📖
Automate Open Source Package Vetting in CI/CD
vet is a tool for identifying risks in the open source software supply chain. It
helps engineering and security teams identify potential issues in their open
source dependencies and evaluate them against organizational policies.
🔥 vet in action
Getting Started
- Download the binary file for your operating system/architecture from the Official GitHub Releases
- Get an API key for the vet insights data access for performing the scan

  ```bash
  vet auth trial --email john.doe@example.com
  ```

  A time-limited trial API key will be sent over email.
- Configure `vet` to use the API key to access the insights

  ```bash
  vet auth configure
  ```

  The Insights API is used to enrich OSS packages with metadata for rich query and policy decisions. Alternatively, the API key can be passed through the environment variable `VET_API_KEY`.
- Run `vet` to identify risks

  ```bash
  vet scan -D /path/to/repository
  ```

- You can also scan a specific (supported) package manifest

  ```bash
  vet scan --lockfiles /path/to/pom.xml
  vet scan --lockfiles /path/to/requirements.txt
  vet scan --lockfiles /path/to/package-lock.json
  ```

Example Security Gate using `vet` to prevent introducing new OSS dependency risk in an application.
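The steps above wired into a pull-request gate, as an added example that is not part of the vet project's own documentation. It assumes the API key from `vet auth trial` is stored as a repository secret named `VET_API_KEY`, that the release asset URL is filled in from the Official GitHub Releases page, and that `vet scan` accepts a `--filter` CEL expression together with `--filter-fail` to exit non-zero on a match (taken from vet's documentation, not from this page).

```yaml
# Added example: GitHub Actions workflow that blocks a pull request when a
# dependency matches the policy filter. Not part of the vet project itself.
name: OSS dependency gate

on:
  pull_request:

jobs:
  vet-scan:
    runs-on: ubuntu-latest
    env:
      # API key obtained with `vet auth trial`, stored as a repository secret.
      # VET_API_KEY is the environment variable vet reads instead of `vet auth configure`.
      VET_API_KEY: ${{ secrets.VET_API_KEY }}
    steps:
      - uses: actions/checkout@v4

      - name: Install vet
        run: |
          # Placeholder: replace with the release asset URL for your OS/architecture
          # from the Official GitHub Releases page.
          curl -sSL -o vet.tar.gz "<VET_RELEASE_ASSET_URL>"
          tar -xzf vet.tar.gz vet
          sudo install -m 0755 vet /usr/local/bin/vet

      - name: Scan repository and gate on policy
        run: |
          # --filter selects packages with a CEL expression; --filter-fail makes the
          # step exit non-zero when any package matches, which fails the PR check.
          # Both flags are assumed from vet's documentation.
          vet scan -D . \
            --filter 'vulns.critical.exists(p, true)' \
            --filter-fail
```

Scanning the whole repository with `-D .` covers every supported manifest; to gate a single lockfile, swap in `--lockfiles /path/to/package-lock.json` as shown above.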
📖 Documentation
- Refer to https://safedep.io/docs for the detailed documentation
🎊 Community
First of all, thank you so much for showing interest in vet, we appreciate it ❤️
- Join the server using the link - https://rebrand.ly/safedep-community