Announcing DefectDojo Integration

Announcements

SafeDep Team

• Apr 14, 2025 • 1 min read

Announcing DefectDojo Integration with vet allowing users to export OSS dependency scan results to DefectDojo. Continue leveraging DefectDojo for your vulnerability management needs while using vet for identifying vulnerable and malicious open source packages, staying safe and compliant.

TL;DR

Use vet to identify vulnerable and malicious open source packages in your project and export the scan results to DefectDojo for vulnerability management.

Usage

Learn more about the integration at DefectDojo Integration Guide

Support

Report bugs and feature requests to GitHub issues
Start feature discussions at GitHub discussions

defectdojo
integration
malware
software-composition-analysis
sca

Author

SafeDep Team

safedep.io

The Latest from SafeDep blogs

Follow for the latest updates and insights on open source security & engineering

Malware

Compromised node-ipc on npm: Credential Stealer via DNS Exfiltration

Analysis of compromised node-ipc versions 9.1.6, 9.2.3, and 12.0.1 on npm: a maintainer account takeover injects an 80KB obfuscated credential stealer that targets 100+ sensitive files (SSH keys,...

Security

Cache Poisoning Through pull_request_target: The TanStack Incident

A GitHub user opened a PR against TanStack Router from a fork, poisoned the shared pnpm cache through a pull_request_target workflow, then force-pushed the branch clean. When the release pipeline...

Malware

Malicious npm Packages Backdoor Claude Code Sessions

Five typosquatting npm packages ship a hidden ELF binary that fires on install and re-runs via Claude Code's SessionStart hook on every developer session. C2 is 207.90.194.2:443.

Malware

Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages

Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of...

View All Blogs