Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects.
The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect “a project’s list of dependencies with the vulnerabilities that affect them,” Google software engineer Rex Pan said in a post shared with The Hacker News.
“The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer’s list of packages and the information in vulnerability databases,” Pan added.
The idea is to identify all the transitive dependencies of a project and highlight relevant vulnerabilities using data pulled from the OSV.dev database.
Google further stated that the open source platform supports 16 ecosystems, counting all major languages, Linux distributions (Debian and Alpine), as well as Android, Linux Kernel, and OSS-Fuzz.
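The dependency-to-vulnerability matching described above can be sketched offline as follows. This is an added example, not OSV-Scanner's own code: it assumes records laid out per the public OSV schema (`affected[].package`, `ranges[].events`), uses constructed package names, versions and advisory ids, and simplifies version parsing to dotted numbers.

```python
# Added example: match a resolved dependency list against OSV-schema records.
# Package names, versions and advisory ids are constructed for illustration.

def parse(v):
    """Dotted numeric version -> 3+ element tuple (assumes no pre-release tags)."""
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def in_range(version, events):
    """Walk a range's events in version order, toggling the vulnerable state."""
    v, vulnerable = parse(version), False
    flat = [(kind, parse(val)) for e in events for kind, val in e.items()]
    for kind, bound in sorted(flat, key=lambda kb: kb[1]):
        if kind == "introduced" and v >= bound:
            vulnerable = True
        elif kind == "fixed" and v >= bound:
            vulnerable = False
        elif kind == "last_affected" and v > bound:
            vulnerable = False
    return vulnerable

def scan(dependencies, records):
    """Return (name, version, advisory id) for each affected dependency."""
    findings = []
    for name, ecosystem, version in dependencies:
        for rec in records:
            for aff in rec["affected"]:
                pkg = aff["package"]
                if (pkg["name"], pkg["ecosystem"]) != (name, ecosystem):
                    continue  # same name in another ecosystem is a different package
                if any(r["type"] == "SEMVER" and in_range(version, r["events"])
                       for r in aff.get("ranges", [])):
                    findings.append((name, version, rec["id"]))
    return findings

def rec(rid, name, eco, events):  # helper to build a constructed OSV-style record
    return {"id": rid, "affected": [{"package": {"name": name, "ecosystem": eco},
            "ranges": [{"type": "SEMVER", "events": events}]}]}

RECORDS = [
    rec("EXAMPLE-0001", "example-parser", "npm", [{"introduced": "0"}, {"fixed": "1.4.2"}]),
    rec("EXAMPLE-0002", "example-codec", "crates.io",
        [{"introduced": "2.0.0"}, {"fixed": "2.3.1"},
         {"introduced": "3.0.0"}, {"last_affected": "3.1.0"}]),
]
# Flat list as a lockfile would yield it, direct and transitive entries alike.
DEPS = [("example-parser", "npm", "1.4.1"), ("example-parser", "npm", "1.4.2"),
        ("example-codec", "crates.io", "2.3.1"), ("example-codec", "crates.io", "3.0.5"),
        ("example-codec", "crates.io", "3.1.1"), ("example-codec", "npm", "2.1.0")]

if __name__ == "__main__":
    for finding in scan(DEPS, RECORDS):
        print(finding)
```

Matching on the (name, ecosystem) pair and on the exact resolved version is what keeps the findings specific: a fixed release or a same-named package in another ecosystem produces no alert.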