Vet: Open-source software supply chain security tool

by CybrGPT
Vet is an open-source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages.

Vet supports several ecosystems, including npm, PyPI, Maven, Go, Docker, and GitHub Actions, making it useful across many types of projects.

One of Vet’s key features is real-time malicious package detection, powered by SafeDep Cloud. It also lets users define custom security policies using CEL (Common Expression Language), giving teams more control over how rules are applied. Built with DevSecOps in mind, Vet works with popular CI/CD tools like GitHub Actions and GitLab CI.

Vet is available for free on GitHub.

© 2025 cybrgpt.com – All rights reserved.