OpenVet Blog
Notes from building OpenVet — a public registry for software supply-chain audits.
Reactive vs proactive supply-chain security
Why OpenVet bets on proactive audits instead of CVEs, SBOMs, signed releases, and dependency cooldowns.
OpenVet 0.6.0 Release
OpenVet 0.6.0 is out. The OpenVet repo is now the first project whose direct dependencies are fully audited. The release adds openvet guard (block a build until policy passes), openvet info (a man-page-shaped view of one dependency), per-direct-dependency narratives on audits, and project root auto-discovery.
Licensing of audits hosted on the OpenVet Registry
Why the OpenVet Registry will require audits to be published under CC0 or CC-BY-4.0, and how that decision is encoded in the audit data structure.
Supply-Chain Update #1
Summaries of articles about software supply-chain security, vulnerabilities, attacks and mitigations from early May 2026.
OpenVet Registry: first preview deployment
The OpenVet Registry is now live at openvet.org as a preview deployment.
OpenVet 0.5.0 Release
OpenVet 0.5.0 is out. Driven by dogfooding 111 audits of OpenVet's own dependencies: an audit linter, an OpenVet query command, and a deliberate wire-format reshape before 1.0.
Hello, OpenVet
Why I'm building OpenVet, what it does, and what to expect from this blog.