Announcing DefectDojo Integration
Table of Contents
Announcing DefectDojo Integration with vet allowing users to export OSS dependency scan results to DefectDojo. Continue leveraging DefectDojo for your vulnerability management needs while using vet for identifying vulnerable and malicious open source packages, staying safe and compliant.
TL;DR
Use vet to identify vulnerable and malicious open source packages in your project and export the scan results to DefectDojo for vulnerability management.
Usage
Learn more about the integration at DefectDojo Integration Guide
Support
- Report bugs and feature requests to GitHub issues
- Start feature discussions at GitHub discussions
- defectdojo
- integration
- malware
- software-composition-analysis
- sca
Author
SafeDep Team
safedep.io
Share
The Latest from SafeDep blogs
Follow for the latest updates and insights on open source security & engineering
Ship Code. Not Malware. SafeDep Launches GitHub App for Malicious Package Protection
SafeDep launches a GitHub App for zero-configuration protection against malicious open source packages. Instantly scan pull requests and keep your code repositories safe from supply chain attacks.
Diff-based SCA with AI is Broken — Real Examples from Pipfile.lock, yarn.lock, and Cargo.lock
Diff-based Software Composition Analysis (SCA) scanners in pull requests are prone to blind spots. By relying only on git diff data, they miss package context, suffer from nondeterministic...
Shai-Hulud Supply Chain Attack Incident Response
The Shai-Hulud supply chain attack is a major incident targeting developers through malicious packages in the npm ecosystem. This post outlines the incident response steps that can be taken to...
npm Supply Chain Attack Exposes Private Repositories, AWS Credentials and More
npm supply chain attacks continue. This time targeting @ctrl/tinycolor and multiple other packages with credential stealer malware. In this blog, we will analyze the attack and its impact on the npm...
Ship Code
Not Malware
Install the SafeDep GitHub App to keep malicious packages out of your repos.
Install GitHub App