Announcing DefectDojo Integration

Announcements

SafeDep Team

• Apr 14, 2025 • 1 min read

Announcing DefectDojo Integration with vet allowing users to export OSS dependency scan results to DefectDojo. Continue leveraging DefectDojo for your vulnerability management needs while using vet for identifying vulnerable and malicious open source packages, staying safe and compliant.

TL;DR

Use vet to identify vulnerable and malicious open source packages in your project and export the scan results to DefectDojo for vulnerability management.

Usage

Learn more about the integration at DefectDojo Integration Guide

Support

Report bugs and feature requests to GitHub issues
Start feature discussions at GitHub discussions

defectdojo
integration
malware
software-composition-analysis
sca

Author

SafeDep Team

safedep.io

The Latest from SafeDep blogs

Follow for the latest updates and insights on open source security & engineering

Malware

Malicious npm Package react-refresh-update Drops Cross-Platform Trojan on Developer Machines

A malicious npm package impersonating react-refresh, Meta's library with 42 million weekly downloads, was detected by SafeDep. The package injects a two-layer obfuscated dropper into runtime.js that...

Threat Modeling the AI-Native SDLC: Supply Chain Security in the Age of Coding Agents

AI agents are rewriting the software development lifecycle. From vibe coding to autonomous CI/CD, every phase now involves an LLM making decisions about your code and dependencies. Here is a threat...

How to Write Time-Based Security Policies in SafeDep vet

Protect against unknown malicious open source packages by enforcing a supply chain cooling-off period using the now() CEL function in SafeDep vet.

Malware

Malicious npm Package pino-sdk-v2 Exfiltrates Secrets to Discord

A malicious npm package impersonating the popular pino logger was detected by SafeDep. The package hides obfuscated code inside a legitimate library file to steal environment secrets and send them to...

View All Blogs