TRY for FREE vet 1.9 is available with Malicious Open Source Package Scanning. Learn More »

Announcing DefectDojo Integration

Introducing DefectDojo Integration allowing vet users to export scan results to DefectDojo. Continue leveraging DefectDojo for your vulnerability management while using vet for identifying vulnerable and malicious open source packages.

SafeDep Team · Apr 14, 2025 · 1 min read

Announcing DefectDojo Integration with vet allowing users to export OSS dependency scan results to DefectDojo. Continue leveraging DefectDojo for your vulnerability management needs while using vet for identifying vulnerable and malicious open source packages, staying safe and compliant.

TL;DR

Use vet to identify vulnerable and malicious open source packages in your project and export the scan results to DefectDojo for vulnerability management.

Usage

Learn more about the integration at DefectDojo Integration Guide

Support

Report bugs and feature requests to GitHub issues
Start feature discussions at GitHub discussions

Back to Blog

View All Posts »

🚀 Introducing GitLab CI/CD Component

Introducing GitLab CI/CD Component, available in GiLab CI Catalog for seamless integration of vet in GitLab CI. Protect against vulnerable and malicious packages in your GitLab projects.

Catching the Silent Threat: How Dynamic Analysis Revealed a Complex npm Attack Chain

Explore how analyzing runtime behaviors using Dynamic Analysis data helps uncover abnormal activities in open source packages. By examining network connections and unusual binary executions during package installation, we identify potential malicious actors and packages.

Introducing Package Manager Guard (PMG)

Introducing Package Manager Guard (PMG), a new tool to protect developers from malicious packages at the time of installation. Seamless integration with popular package managers like npm, pnpm etc.

Dynamic Malware Analysis of Open Source Packages at Scale

Exploring the idea of building a complementary system that can verify and correlate static analysis findings. Thats where dynamic analysis comes in ie. the ability to "run" an open source package in an observed environment and determine its safety status based on real behavior at runtime