openvet check
Verify that your project's lockfile satisfies the openvet policy.
openvet check is the gate. It walks your project’s lockfile (Cargo, npm,
pip, Go, or RubyGems — auto-detected), looks up each pinned dependency’s
audit state against the logs pinned in openvet.lock, and exits non-zero
if any dependency violates your policy.
Usage
openvet check
A clean run prints a short summary and exits 0. A failed run lists each unsatisfied dependency with the criterion it missed and exits non-zero.
In CI
This is the recommended way to use OpenVet in a CI pipeline. check does
not need network access — everything it consults is in openvet.lock
and your existing lockfile. Run it after dependency installation, before
your build.
openvet check
Common failures
policy violation — a dependency exists in your lockfile but no audit in the pinned logs satisfies your policy for it.
stale lock — your project lockfile has changed and references packages that weren’t covered by the last update. Re-run openvet update.
TODO: full failure-mode table and exit-code reference.