TRY for FREE vet 1.9 is available with Malicious Open Source Package Scanning. Learn More »

Apr 14, 2025 · 1 min read

Announcing DefectDojo Integration

Introducing DefectDojo Integration allowing vet users to export scan results to DefectDojo. Continue leveraging DefectDojo for your vulnerability management while using vet for identifying vulnerable and malicious open source packages.

Announcing DefectDojo Integration with vet allowing users to export OSS dependency scan results to DefectDojo. Continue leveraging DefectDojo for your vulnerability management needs while using vet for identifying vulnerable and malicious open source packages, staying safe and compliant.

TL;DR

Use vet to identify vulnerable and malicious open source packages in your project and export the scan results to DefectDojo for vulnerability management.

Usage

Learn more about the integration at DefectDojo Integration Guide

Support

Report bugs and feature requests to GitHub issues
Start feature discussions at GitHub discussions

Back to Blog

View All Posts »

🚀 Introducing GitLab CI/CD Component

Introducing GitLab CI/CD Component, available in GiLab CI Catalog for seamless integration of vet in GitLab CI. Protect against vulnerable and malicious packages in your GitLab projects.

Analysis of 5000+ Malicious Open Source Packages

Analysis of malicious open source packages from Datadog's malicious packages dataset. Each of these packages were found in the wild and confirmed to be malicious. The goal of this analysis is to understand the nature of malicious OSS packages and how they are distributed in the wild.

Agentic Workflows for Malicious Package Analysis

Experiments with agentic workflows for malicious package analysis built using Claude Desktop, Model Context Protocol (MCP) server, static code analysis and SafeDep Cloud API tools.

Typosquatt alert ! Malicious npm Package: nyc-config

Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.