๐ Introducing GitLab CI/CD Component
Introducing GitLab CI/CD Component, available in GiLab CI Catalog for seamless integration of vet in GitLab CI. Protect against vulnerable and malicious packages in your GitLab projects.
SafeDep Blog
Follow for the latest updates and insights on open source security & engineering.
Agentic Workflows for Malicious Package Analysis
Experiments with agentic workflows for malicious package analysis built using Claude Desktop, Model Context Protocol (MCP) server, static code analysis and SafeDep Cloud API tools.
Typosquatt alert ! Malicious npm Package: nyc-config
Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.
Introducing vetpkg.dev - Open Source Component Security Dashboard
Introducing vetpkg.dev - Built using SafeDep API to provide an easy to use visibility of open source component security information.
Eliminating SCA Noise using Dependency Usage Evidence
SafeDep Code Analysis framework augments vet, our free and open source tool with code context.
What is Next Generation Software Composition Analysis?
Software Composition Analysis has been there for a while. But the problems associated with open source vulnerabilities persist. Next-gen SCA is the promised solution. What is it and how does it work?
