Table of Contents
Announcing the new GitLab CI/CD Component, available in GitLab CI Catalog for seamless integration of vet in GitLab CI. Protect against vulnerable and malicious packages in your GitLab projects. This integration enables GitLab users to easily integrate vet with their GitLab CI pipelines. This integration protects GitLab projects from vulnerable and malicious packages in the dependency tree.
TL;DR
Usage
Features
- Scan all dependencies and report vulnerabilities to GitLab security dashboard

- Integrates with SafeDep Cloud to protect against malicious open source packages through active code analysis

Support
- Report bugs and feature requests to GitHub issues
- Start feature discussions at GitHub discussions
- gitlab
- cicd
- integration
- malware
Author
SafeDep Team
safedep.io
Share
The Latest from SafeDep blogs
Follow for the latest updates and insights on open source security & engineering
AsyncAPI Packages Compromised with Miasma RAT
Four @asyncapi npm packages were published with obfuscated malware on July 14, 2026 via compromised CI workflows. The payload downloads Miasma RAT, a credential stealer targeting browsers, SSH keys,...
nodemon-sudo: an npm Backdoor With No Install Script
nodemon-sudo copies the real nodemon byte for byte, adds nothing malicious to its own code, and injects one extra dependency, tslint-conf, a repackaged pino logger carrying a backdoor. There is no...
Official jscrambler npm Package Compromised Across Multiple Releases
The official jscrambler npm package (60K monthly downloads) was trojanized starting at 8.14.0 through an npm account or CI compromise. The attacker republished the same Rust infostealer across five...
@marketfront: 25 npm Packages Reuse a Known Lure
On July 1, 2026, npm user marketfront batch-published 25 packages carrying the same README lure SafeDep has tracked across four earlier accounts (mr.4nd3r50n, pik-libs, t-in-one, emcd-vue): "Internal...
Ship Code.
Not Malware.
Start free with open source tools on your machine. Scale to a unified platform for your organization.