Documentation

Complete guide to using git.vet for repository security scanning

Quick Start

Insert git.vet/ in front of the host in any git clone URL to scan the repository for security issues:

git clone https://git.vet/github.com/owner/repo

Scan Modes

git.vet supports multiple output modes via URL prefixes:

Mode | URL Pattern | Description
Default | git.vet/github.com/owner/repo | Security report only, clone fails intentionally
clone | git.vet/clone/github.com/owner/repo | Scan + complete the clone
plain | git.vet/plain/github.com/owner/repo | No unicode or colors (CI/CD friendly)
json | git.vet/json/github.com/owner/repo | Machine-readable JSON output

Clone Mode

Get the security report and complete the clone:

git clone https://git.vet/clone/github.com/owner/repo

Plain Mode

ASCII-only output for terminals without unicode support:

git clone https://git.vet/plain/github.com/owner/repo

JSON Mode

Structured JSON output for automation and integrations:

git clone https://git.vet/json/github.com/owner/repo 2>&1 | grep -o '{.*}'

Supported Hosts

Platform | Example URL
GitHub | git.vet/github.com/owner/repo
GitLab | git.vet/gitlab.com/owner/repo
Bitbucket | git.vet/bitbucket.org/owner/repo

Limitations

git.vet currently supports public repositories only. Private repository scanning is not available at this time.

For private repository security scanning, consider:

Web Reports

Every scan generates a shareable web report:

# Report URL shown in scan output
https://git.vet/r/{commit-sha}

# View all scans for a repository
https://git.vet/reports/github.com/owner/repo

# Latest scan for a repository
https://git.vet/reports/github.com/owner/repo/latest

SSH Access

git.vet supports SSH protocol with multiple URL formats:

# Standard git@ format
git clone git@git.vet:github.com/owner/repo

# Slash format
git clone ssh://git.vet/github.com/owner/repo

# GitHub-style colon format
git clone ssh://git.vet/github.com:owner/repo

How It Works

git.vet implements the git smart HTTP protocol:

  1. Intercepts your git clone request
  2. Fetches the repository (shallow clone)
  3. Scans with opengrep (fast, framework-agnostic static analysis)
  4. Streams results via git protocol sideband
  5. Intentionally fails the clone (or completes in /clone/ mode)
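Step 4 relies on git's side-band framing: each packet carries a 4-hex-digit length, then a band byte (1 = pack data, 2 = progress text that the git client prints on stderr prefixed with "remote: ", 3 = fatal error), which is why the JSON example redirects 2>&1. The demultiplexer below is an added example, not git.vet's code; the sample stream is constructed and how git.vet assigns bands is an assumption.

```python
# Added example: demultiplex a git side-band stream.
# All sample bytes are constructed; they are not captured git.vet output.
HEX = b"0123456789abcdefABCDEF"
BANDS = {1: "pack", 2: "progress", 3: "error"}


def pkt(band: int, payload: bytes) -> bytes:
    """Frame one packet: 4 hex digits of total length, band byte, payload."""
    return b"%04x" % (len(payload) + 5) + bytes([band]) + payload


def demux(stream: bytes) -> dict:
    """Split a side-band stream into its pack, progress and error bytes."""
    out = {name: b"" for name in BANDS.values()}
    pos = 0
    while pos < len(stream):
        header = stream[pos:pos + 4]
        if len(header) < 4 or any(c not in HEX for c in header):
            raise ValueError("malformed pkt-line header at offset %d" % pos)
        length = int(header, 16)
        if length == 0:  # flush-pkt "0000" marks the end of the stream
            return out
        # The length counts its own 4 digits, so a side-band packet needs >= 5.
        if length < 5 or pos + length > len(stream):
            raise ValueError("bad pkt-line length at offset %d" % pos)
        band = stream[pos + 4]
        if band not in BANDS:
            raise ValueError("unknown band %d" % band)
        out[BANDS[band]] += stream[pos + 5:pos + length]
        pos += length
    raise ValueError("stream ended without a flush-pkt")


def remote_lines(stream: bytes) -> list:
    """Band 2 text as a git client shows it on stderr ('remote: ' prefix)."""
    text = demux(stream)["progress"].decode("utf-8", "replace")
    return ["remote: " + line for line in text.splitlines()]


# Constructed stream: one report line, some pack bytes, one error line.
SAMPLE = (pkt(2, b"constructed finding: example rule\n")
          + pkt(1, b"PACK")
          + pkt(3, b"constructed: clone refused\n")
          + b"0000")

if __name__ == "__main__":
    print("\n".join(remote_lines(SAMPLE)))
```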

API Reference

Metrics Endpoint

GET https://git.vet/metrics

Returns JSON with server metrics (uptime, cache hits, scan times, etc.)