Announcing DefectDojo Integration

Announcements

SafeDep Team

• Apr 14, 2025 • 1 min read

Announcing DefectDojo Integration with vet allowing users to export OSS dependency scan results to DefectDojo. Continue leveraging DefectDojo for your vulnerability management needs while using vet for identifying vulnerable and malicious open source packages, staying safe and compliant.

TL;DR

Use vet to identify vulnerable and malicious open source packages in your project and export the scan results to DefectDojo for vulnerability management.

Usage

Learn more about the integration at DefectDojo Integration Guide

Support

Report bugs and feature requests to GitHub issues
Start feature discussions at GitHub discussions

defectdojo
integration
malware
software-composition-analysis
sca

Author

SafeDep Team

safedep.io

The Latest from SafeDep blogs

Follow for the latest updates and insights on open source security & engineering

Malware

Malicious hermes-px on PyPI Steals AI Conversations

hermes-px on PyPI steals AI conversations via triple-encrypted exfiltration to Supabase, routing through a hijacked university endpoint while injecting a stolen 245KB system prompt.

Malware

Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2

A coordinated campaign of thirty-six malicious npm packages published by four sock-puppet accounts (umarbek1233, kekylf12, tikeqemif26, and umar_bektembiev1) targets Strapi CMS deployments with eight...

Security

prt-scan: A 5-Phase GitHub Actions Credential Theft Campaign

A throwaway GitHub account submitted 219+ malicious pull requests in a single day, each carrying a 352-line payload that steals CI secrets, injects workflows, bypasses label gates, and scans /proc...

Malware

Compromised npm Package mgc Deploys Multi-Platform RAT

The npm package mgc was compromised via account takeover, with four malicious versions published in rapid succession deploying a full Remote Access Trojan targeting macOS, Windows, and Linux.

View All Blogs