Quickstart
From zero to a passing openvet check in five minutes.
This walkthrough assumes you’ve already installed the CLI and have a project with a lockfile (Cargo, npm, pip, Go modules, or RubyGems are all supported).
1. Initialise
From your project root:
openvet init
This drops an openvet.toml next to your lockfile. The generated file
contains commented-out examples for trusting logs and declaring a policy
— open it and uncomment the bits that apply to your project.
2. Pin the logs
Once you’ve declared the logs you want to trust:
openvet update
This fetches each log, verifies its signature chain, and writes the
verified head into openvet.lock. Commit both openvet.toml and openvet.lock:
the pinned heads in the lock are what later checks trust, so a reviewer
should see them change only when you deliberately re-run openvet update.
3. Check the lockfile
openvet check
check walks your project’s dependency lockfile, looks up each package’s
audit status against the pinned logs, and reports any dependency that
doesn’t satisfy your policy. A clean run exits 0; violations exit non-zero
and print the offending packages.
What’s next
- To author your own audits and publish them to a log you control, see the audit subcommand.
- To wire openvet check into CI, run it as part of your existing build job. It has no network requirements once openvet.lock is populated, because check resolves audit status against the pinned log heads rather than fetching the logs again, so an unreachable log at build time cannot change the result.
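One way to wire the three steps above into a CI job, as an added example rather than code shipped with openvet: a small POSIX shell wrapper that refuses to run when openvet.toml or openvet.lock is missing (so a forgotten openvet update cannot turn into a silently passing build) and otherwise runs the offline check and propagates its exit status. The function name openvet_ci_check, the OPENVET and OPENVET_CI_RUN environment variables, and the exit code 2 for a missing file are this example's own conventions; the only behaviour assumed of the CLI is what the quickstart states, that openvet check runs from the project root, reads the two files there, and exits non-zero on a violation.

```shell
#!/bin/sh
# Added example: a CI wrapper around `openvet check`; not part of openvet itself.
# Assumptions: `openvet check` is run from the project root, reads openvet.toml
# and openvet.lock from there, and exits non-zero on a policy violation (as the
# quickstart states). OPENVET lets CI point at a specific binary and defaults
# to `openvet` on PATH. Exit code 2 below is this wrapper's own convention for
# "pins not committed", distinct from whatever the CLI returns for violations.

# openvet_ci_check <project-root>
openvet_ci_check() {
    root="${1:-.}"

    # Fail fast on a missing config: the policy has never been declared.
    if [ ! -f "$root/openvet.toml" ]; then
        echo "openvet_ci_check: $root/openvet.toml not found; run 'openvet init' and commit it" >&2
        return 2
    fi

    # Fail fast on a missing lock: without pinned heads the check has nothing
    # trustworthy to resolve against, and we do not want CI fetching logs.
    if [ ! -f "$root/openvet.lock" ]; then
        echo "openvet_ci_check: $root/openvet.lock not found; run 'openvet update' and commit it" >&2
        return 2
    fi

    # Run from the project root so the CLI finds both files. The exit status
    # of `openvet check` (0 clean, non-zero violations) becomes ours, which
    # is what makes the CI job fail on an unaudited dependency.
    ( cd "$root" && "${OPENVET:-openvet}" check )
}

# Only run against the current directory when invoked explicitly, e.g.
#   OPENVET_CI_RUN=1 sh openvet-ci.sh
# so the file can also be sourced by other scripts without side effects.
if [ -n "${OPENVET_CI_RUN:-}" ]; then
    openvet_ci_check "$PWD"
fi
```

Because the wrapper never calls openvet update, the build job can run with outbound network disabled; refreshing the pinned heads stays a deliberate, reviewable commit that changes openvet.lock.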