OSV-Scanner: A Free Vulnerability Scanner For Open-Source Software
HelpNet Security, December 14th, 2022
After releasing the Open Source Vulnerabilities database (OSV.dev) in February, Google has launched the OSV-Scanner, a free command-line vulnerability scanner that open-source developers can use to check for vulnerabilities in their projects' dependencies.
Finding vulnerabilities in open-source dependencies
'OSV.dev allows all the different open source ecosystems and vulnerability databases to publish and consume information in one simple, precise, and machine readable format,' explained Rex Pan, a software engineer with the Google Open Source Security Team.