Protect against Malicious Open Source Packages

vet

vet is a tool for protecting against open source software supply chain attacks. To adapt to organisational needs, it uses an opinionated policy expressed in Common Expression Language (CEL) and extensive package security metadata, including:

- Code Analysis to guard against risks that actually matter
- Vulnerabilities from OSV
- Popularity based guardrails to prevent unvetted or risky packages
- Maintenance status of the package
- Extended License Attributes based compliance
- OpenSSF Scorecard based 3rd party OSS risk management
- Direct and Transitive dependency analysis for coverage

    About this launch

    vet by Abhisek Datta will be launched January 6th 2026.