
Secure Vibe Coding with AI Agents
AI coding agents make development faster but can inadvertently introduce security risks by suggesting unvetted packages. Learn how to use the vet MCP server to add security to your vibe coding...

Hidden transitive dependencies create security blind spots. This blog shows developers and CISOs how SafeDep vet uncovers full Maven dependency graphs, generating CycloneDX SBOMs and compliance-ready...

A supply chain attack exploiting eslint-config-prettier and other popular npm packages was discovered, with major supply chain impact. In this blog, we will explore the details of the hack and the...

The EU Cyber Resilience Act makes SBOMs mandatory for software products sold in Europe starting December 2027, with fines up to €15 million for non-compliance. Here's what software vendors need to...

