Vet detects malicious open source packages in real-time, integrating with software development workflows to enhance security. It benefits DevOps and security teams by preventing supply chain attacks, connecting to package managers like npm, PyPI, and RubyGems.
git clone https://github.com/safedep/vet.git
https://docs.safedep.io/
Scan for malware in open source dependencies to prevent security breaches.
Integrate vet into CI/CD pipelines to automatically fail builds on critical vulnerabilities.
Define and enforce security policies using CEL expressions for tailored compliance.
Analyze specific packages for known vulnerabilities and malware before deployment.
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/safedep/vet
Copy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Please analyze the open source package [PACKAGE_NAME] used in our [PROJECT_NAME] project for any potential vulnerabilities. Provide a detailed report on any risks detected, including suggestions for remediation.
### Vulnerability Report for `example-package`

**Detected Vulnerabilities:**

- **CVE-2023-12345**: High severity vulnerability that allows for remote code execution.
- **CVE-2023-67890**: Medium severity vulnerability related to insecure deserialization.

**Recommendations:**

- Upgrade to version `1.2.3` or later to mitigate the high severity issue.
- Review the deserialization process in your application to ensure proper validation.

**Additional Notes:**

- Regularly monitor dependencies for updates and security patches.
- Consider using automated tools to continuously scan for vulnerabilities in your open source packages.