
vet

vet is an open source software supply chain security tool built for developers and security engineers to enforce policy-driven guardrails against risky open source packages. vet has a built-in code analysis engine to identify the risky open source packages that actually impact an application. vet leverages SafeDep's malicious package scanning infrastructure to provide near real-time protection against malicious open source packages.

github.com/safedep/vet
safedep.io

pmg

Package Manager Guard (PMG) wraps popular package managers such as npm, pnpm, yarn, pip and more to proactively detect and prevent installation of malicious open source packages on developer machines.

github.com/safedep/pmg
safedep.io

xbom

xBOM is designed to build a contextual bill of materials for a given piece of software through static code analysis. While software composition analysis (SCA) tools build an SBOM for 3rd-party OSS usage in an application, xBOM augments them with information about AI, crypto and SaaS usage (AI-BOM, CBOM and SaaS-BOM).

github.com/safedep/xbom
safedep.io

Maintainer

Abhisek Datta

Co-Founder at SafeDep

How to support

Advocating the need for safeguarding the open source software supply chain.
Driving adoption among OSS maintainers; contributing code, documentation and roadmap.

A small brief about your project

SafeDep develops and maintains open source tools to safeguard an organization's open source software supply chain: vet for CI/CD and AI IDEs, pmg for developer tooling, and xBOM for 3rd-party code capability identification. Together they are built to help an organization protect against open source software supply chain attacks.

One FOSS maintainer lesson for your younger self

Keep things simple. Clear documentation for users and contributors. Software needs to be designed to enable easy community contribution. Without community, the project will die.

Why do you do it? Why do you bother maintaining a FOSS project?

Started as a hobby project to solve a problem at work. Eventually saw traction outside my immediate circle. Now the usage, asks and community participation keep me going.

If your repo had a theme song, what would it be?

Paranoid by Black Sabbath.

Which file in your project would you most like to set on fire?

./api

What's your open-source villain origin story?

Let me reverse engineer that and build OSS

If you had to use one emoji to convey what it's like to be a FOSS maintainer, what would it be?

😮