vet: Open Source Software Supply Chain Security Guardrail in the age of AI SDLC

By Abhisek Datta on 23 Apr 2026 @ Blackhat : Arsenal
#supply-chain-security #open-source-security #sca #ai-security #devsecops
Focus Areas: 🤖 AI & ML Security, 📦 Software Supply Chain Security, 🔐 Application Security
This tool demo covers the following tools, which the speaker has authored or contributed to:
VET

Abstract

vet is an open source software supply chain security tool, enhanced for the AI-assisted SDLC. Unlike traditional SCA tools, vet proactively detects malicious packages before they appear in the OSV database, integrates as an MCP server with AI IDEs and coding agents (e.g. Cursor, Claude Code), and provides conversational analysis over scan results. This places it uniquely between package-level malicious code detection and developer-first defense in the age of AI coding tools.

https://github.com/safedep/vet