Vet
Analyzes software composition for vulnerabilities and malicious packages using policy-as-code.
关于
Vet is an open-source software supply chain security tool that helps developers and security engineers identify vulnerabilities and malicious packages in their dependencies. It offers next-generation Software Composition Analysis (SCA), policy as code using CEL, and real-time malicious package detection powered by SafeDep Cloud. With support for multiple ecosystems like npm, PyPI, Maven, and CI/CD integration, Vet aims to provide comprehensive supply chain security for DevSecOps workflows.
主要功能
- Real-time malicious package detection
- Next-generation Software Composition Analysis
- Code Analysis identifies dependency usage
- Policy as Code using CEL
- 473 GitHub stars
- CI/CD native integrations (GitHub Actions, GitLab CI)
- Multi-ecosystem support (npm, PyPI, Maven, Go, Docker, etc.)
使用案例
- Identify and block malicious packages in the supply chain
- Enforce security policies using CEL expressions
- Detect vulnerabilities in project dependencies
Sponsored