How a Security Team use Policy as Code for Open Source Security

Announcements

SafeDep Team

• Oct 22, 2024 • 1 min read

SBOM is being mandated in certain regulated industries, especially for tracking open source dependencies. However the usefulness of SBOM, which is basically an inventory, is the tooling and use-cases around it. Conventional SCA tools are notorious for false positives and noise. Ability to prevent insecure or risky open source components proactively is required to maintain a healthy and trustworthy open source software supply chain. In this talk, we look at how to use vet for establishing security guardrails against risky OSS components. We also look at a case study of how a security team leverage vet's policy as code feature for enforcing opinionated security policies.

vet
sbom
sql
cloud

Author

SafeDep Team

safedep.io

The Latest from SafeDep blogs

Follow for the latest updates and insights on open source security & engineering

Open Source

Curious Case of Embedded Executable in a Newly Introduced Transitive Dependency

A routine dependency upgrade introduced a suspicious transitive dependency with an embedded executable. While manual analysis confirmed it wasn't malicious, this incident highlights the implicit...

Announcements

Contributing to SafeDep Open Source Projects during Hacktoberfest 2025

Learn how to contribute to SafeDep open source projects during Hacktoberfest 2025 and help secure the open source software supply chain.

Malware

Malicious npm Packages Impersonating Hyatt Internal Dependencies

Three malicious npm packages disguised as Hyatt internal dependencies were discovered using install hooks to execute malicious payloads. All packages share identical attack patterns and...

Ship Code. Not Malware. SafeDep Launches GitHub App for Malicious Package Protection

SafeDep launches a GitHub App for zero-configuration protection against malicious open source packages. Instantly scan pull requests and keep your code repositories safe from supply chain attacks.

View All Blogs