vet is a tool for identifying risks in open source software supply chain. It goes beyond just vulnerabilities and provides visibility on OSS package risks due to it’s license, popularity, security hygiene, and more. vet is designed with the goal of enabling trusted OSS package consumption by integrating with CI/CD and policy as code as guardrails.
