Security News > 2022 > December > Google releases dev tool to list vulnerabilities in project dependencies

Google releases dev tool to list vulnerabilities in project dependencies
2022-12-13 18:00

Google has launched OSV Scanner, a new tool that allows developers to scan for vulnerabilities in open-source software dependencies used in their project.

The scanner draws data from OSV.dev, the distributed vulnerability database for open source code that Google released in February 2021, to offer relevant information about known security issues affecting open-source code.

Like any code, these open-source components are not impervious to security vulnerabilities.

If one considers that many of these dependencies have dependencies of their own, the number of packages that need to be evaluated from a security perspective makes vulnerability tracking a difficult undertaking.

"The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer's list of packages and the information in vulnerability databases," reads the announcement.

Google says the next step for OSV Scanner is to improve C/C++ vulnerability support, tackling a very challenging software ecosystem, and integrate standalone CI actions to allow easy scheduling of scans.


News URL

https://www.bleepingcomputer.com/news/security/google-releases-dev-tool-to-list-vulnerabilities-in-project-dependencies/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4226 4525 728 9732