A Linux Foundation survey says 70-90% of modern software consists of OSS code. Yet we are stuck with tools that scan only for vulnerabilities in 3rd party libraries, and that too with a high degree of false positives. I built `vet` for policy- and data-driven analysis of 3rd party packages that goes beyond only vulnerabilities and allows codifying organisational policies related to OSS consumption.

https://github.com/safedep/vet
Looking forward to feedback and suggestions from HN :)
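To make "policy and data driven analysis beyond vulnerabilities" concrete, here is a small added example (my own illustration, not vet's code or its policy format) that evaluates constructed package metadata against an organisational policy covering licence allowlisting, maintainer count, release staleness and blocking vulnerability severities. The package records, policy keys and thresholds are all made up for the demonstration.

```python
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Package:
    """Constructed package metadata record (what a real tool would pull from registries/OSV)."""
    name: str
    version: str
    license: str
    maintainers: int
    last_release: date
    known_vulns: list = field(default_factory=list)  # list of severity strings


# Hypothetical organisational policy (keys are invented for this example)
POLICY = {
    "allowed_licenses": {"MIT", "Apache-2.0", "BSD-3-Clause"},
    "min_maintainers": 2,            # bus-factor check
    "max_release_age_days": 730,     # flag unmaintained packages
    "block_vuln_severities": {"CRITICAL", "HIGH"},
}


def evaluate(pkg, policy, today):
    """Return the list of policy violations for one package (empty list means allowed)."""
    violations = []
    if pkg.license not in policy["allowed_licenses"]:
        violations.append(f"license {pkg.license} not in allowlist")
    if pkg.maintainers < policy["min_maintainers"]:
        violations.append(f"only {pkg.maintainers} maintainer(s), need {policy['min_maintainers']}")
    age_days = (today - pkg.last_release).days
    if age_days > policy["max_release_age_days"]:
        violations.append(f"last release {age_days} days ago exceeds {policy['max_release_age_days']}")
    blocked = sorted(s for s in pkg.known_vulns if s in policy["block_vuln_severities"])
    if blocked:
        violations.append(f"blocked vulnerability severities present: {', '.join(blocked)}")
    return violations


def scan(packages, policy, today):
    """Evaluate every package; returns {name: [violations]} so CI can fail on any non-empty entry."""
    return {p.name: evaluate(p, policy, today) for p in packages}


# Constructed sample inventory (not real packages)
SAMPLE_PACKAGES = [
    Package("good-lib", "1.4.0", "MIT", 3, date(2023, 1, 10)),
    Package("stale-lib", "0.9.1", "MIT", 1, date(2019, 3, 1)),
    Package("gpl-vuln", "2.0.0", "GPL-3.0", 5, date(2023, 5, 20), ["HIGH", "LOW"]),
]
SCAN_DATE = date(2023, 6, 1)

if __name__ == "__main__":
    for name, problems in scan(SAMPLE_PACKAGES, POLICY, SCAN_DATE).items():
        status = "OK" if not problems else "VIOLATION"
        print(f"{name}: {status}")
        for p in problems:
            print(f"  - {p}")
```

The point of the structure is that vulnerability data is just one input among several: a package with zero CVEs can still fail on licence, maintainer count or staleness, which is the kind of organisational rule the post is about.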