@safedep

SafeDep

Safe & Trusted Open Source Components

Protect Your Code. Stop Malicious Packages.

We scan the code you didn’t write — before it reaches your codebase.

SafeDep protects you from malicious code hidden in the open source packages you install every day. Secure your supply chain with PMG & VET.


💡 Why SafeDep?

  • Real-time Detection: Detect malicious packages instantly before they enter your dependency tree.
  • CI/CD Native: Protect your builds and pipelines automatically with our open-source tooling.
  • Risk Reduction: Drastically reduce risks from compromised dependencies and typosquatting.
  • Community Trusted: Open source tooling, trusted by developers and security engineers worldwide.

🤝 Join the Mission

We are securing the ecosystem one package at a time.

Star our Repos | Report Issues | Discussions

Pinned

  1. vet Public

    Protect against malicious open source packages 🤖

    Go · 938 stars · 85 forks

  2. vet-action Public

    GitHub Action for policy driven vetting of open source dependencies

    TypeScript · 11 stars · 2 forks

  3. pmg Public

    PMG protects developers from getting hacked by malicious open source packages. Stop the next Shai-Hulud or S1ngularity before it happens.

    Go · 93 stars · 10 forks

  4. xbom Public

    Generate xBOMs enriched with AI, SaaS, Crypto and more using Static Code Analysis

    Go · 25 stars · 3 forks

Repositories

Showing 10 of 33 repositories
  • vet Public

    Protect against malicious open source packages 🤖

    Go · 938 stars · Apache-2.0 · 85 forks · 79 issues (1 issue needs help) · 15 pull requests · Updated Jan 30, 2026
  • homebrew-tap Public
    Ruby · 0 stars · 0 forks · 0 issues · 0 pull requests · Updated Jan 29, 2026
  • dry Public

    Do not repeat yourself. Re-usable utils for Go apps

    Go · 4 stars · Apache-2.0 · 0 forks · 3 issues · 1 pull request · Updated Jan 29, 2026
  • pmg Public

    PMG protects developers from getting hacked by malicious open source packages. Stop the next Shai-Hulud or S1ngularity before it happens.

    Go · 93 stars · Apache-2.0 · 10 forks · 18 issues (3 issues need help) · 1 pull request · Updated Jan 29, 2026
  • .github Public
    0 stars · 1 fork · 0 issues · 1 pull request · Updated Jan 28, 2026
  • vet-bitbucket-pipe Public

    Bitbucket Pipe for vet

    Shell · 1 star · Apache-2.0 · 0 forks · 1 issue · 1 pull request · Updated Jan 27, 2026
  • xbom Public

    Generate xBOMs enriched with AI, SaaS, Crypto and more using Static Code Analysis

    Go · 25 stars · Apache-2.0 · 3 forks · 9 issues (4 issues need help) · 1 pull request · Updated Jan 22, 2026
  • vet-gitlab-ci-component Public

    GitLab CI/CD Component for https://github.com/safedep/vet

    1 star · Apache-2.0 · 0 forks · 5 issues · 0 pull requests · Updated Jan 21, 2026
  • docs Public
    MDX · 0 stars · 0 forks · 2 issues · 0 pull requests · Updated Jan 21, 2026
  • skills Public

    Agents Skills for Software Supply Chain Security

    1 star · Apache-2.0 · 0 forks · 0 issues · 0 pull requests · Updated Jan 21, 2026
