Vet is a command-line security scanner that automates CASA Tier 2 and OWASP ASVS Level 2 checks against web applications. Point it at a URL, get a JSON report of pass/fail results mapped to specific ASVS controls.

Tutorials

Learn vet step by step.

• Scan your first app in 5 minutes — Install vet, run a scan, read the results, fix a finding, and verify the fix.

How-to Guides

Solve specific problems.

• Add vet to your CI pipeline — Run vet on every push or PR with GitHub Actions or GitLab CI.
• Scan OAuth apps — Test OAuth flows for CASA compliance using --client-id and --client-secret.
• Scan specific categories — Use the --only flag to run a subset of probes.

Reference

Look up flags, output schemas, and check IDs.

• CLI Reference — Every command, flag, output field, category, and ASVS control ID.

Explanation

Understand the background and design decisions.

• What is CASA Tier 2? — Google’s security review program, tier system, and how vet fits in.
• OWASP ASVS mapping — How vet’s checks map to ASVS controls, what’s covered, and what still needs a human.