Introducing vetpkg.dev - Open Source Component Security Dashboard
Introducing vetpkg.dev - Built using SafeDep API to provide an easy to use visibility of open source component security information.
Blog
Follow for the latest updates and insights on
open source security & engineering.
What is Next Generation Software Composition Analysis?
Software Composition Analysis has been there for a while. But the problems associated with open source vulnerabilities persist. Next-gen SCA is the promised solution. What is it and how does it work?
Eliminating SCA Noise using Dependency Usage Evidence
SafeDep Code Analysis framework augments vet, our free and open source tool with code context.
Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack
Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.
Ship Code
Not Malware
Install the SafeDep GitHub App to keep malicious packages out of your repos.
Install GitHub App