Vet: Open-source software supply chain security tool

Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages.

Vet supports several ecosystems, including npm, PyPI, Maven, Go, Docker, and GitHub Actions, making it useful across many types of projects.

One of Vet’s key features is its use of real-time malicious package detection, powered by SafeDep Cloud. It also lets users define custom security policies using CEL (Common Expression Language), giving teams more control over how rules are applied. Built with DevSecOps in mind, Vet works with popular CI/CD tools like GitHub Actions and GitLab CI.

Vet is available for free on GitHub.

Must read:

• GitHub CISO on security strategy and collaborating with the open-source community
• Don’t let these open-source cybersecurity tools slip under your radar
• 33 open-source cybersecurity solutions you didn’t know you needed

Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!