Security News > 2022 > December > Google releases dev tool to list vulnerabilities in project dependencies
Google has launched OSV Scanner, a new tool that allows developers to scan for vulnerabilities in open-source software dependencies used in their project.
The scanner draws data from OSV.dev, the distributed vulnerability database for open source code that Google released in February 2021, to offer relevant information about known security issues affecting open-source code.
Like any code, these open-source components are not impervious to security vulnerabilities.
If one considers that many of these dependencies have dependencies of their own, the number of packages that need to be evaluated from a security perspective makes vulnerability tracking a difficult undertaking.
"The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer's list of packages and the information in vulnerability databases," reads the announcement.
Google says the next step for OSV Scanner is to improve C/C++ vulnerability support, tackling a very challenging software ecosystem, and integrate standalone CI actions to allow easy scheduling of scans.