Vet is a command-line security scanner that automates CASA Tier 2 and OWASP ASVS Level 2 checks against web applications. Point it at a URL, get a JSON report of pass/fail results mapped to specific ASVS controls.
Tutorials
Learn vet step by step.
- Scan your first app in 5 minutes — Install vet, run a scan, read the results, fix a finding, and verify the fix.
How-to Guides
Solve specific problems.
- Add vet to your CI pipeline — Run vet on every push or PR with GitHub Actions or GitLab CI.
- Scan OAuth apps — Test OAuth flows for CASA compliance using
--client-idand--client-secret. - Scan specific categories — Use the
--onlyflag to run a subset of probes.
Reference
Look up flags, output schemas, and check IDs.
- CLI Reference — Every command, flag, output field, category, and ASVS control ID.
Explanation
Understand the background and design decisions.
- What is CASA Tier 2? — Google’s security review program, tier system, and how vet fits in.
- OWASP ASVS mapping — How vet’s checks map to ASVS controls, what’s covered, and what still needs a human.