OSV-Scanner: A free vulnerability scanner for open-source software (Security News, December 2022)
After releasing the Open Source Vulnerabilities database in February, Google has launched the OSV-Scanner, a free command line vulnerability scanner that open source developers can use to check for vulnerabilities in their projects' dependencies.
Finding vulnerabilities in open-source dependencies.
"OSV.dev allows all the different open source ecosystems and vulnerability databases to publish and consume information in one simple, precise, and machine readable format," explained Rex Pan, a software engineer with the Google Open Source Security Team.
"Altogether OSV.dev now supports 16 ecosystems, including all major language ecosystems, Linux distributions, as well as Android, Linux Kernel, and OSS-Fuzz. This means the OSV.dev database is now the biggest open source vulnerability database of its kind, with a total of over 38,000 advisories from 15,000 advisories a year ago."
The tool can be configured to ignore specific vulnerabilities.
Google plans to turn OSV-Scanner into a full-fledged vulnerability management tool by integrating it further with developer workflows, adding features such as automatic remediation of vulnerabilities through minimal version bumps, and improving C/C++ vulnerability support.
News URL
https://www.helpnetsecurity.com/2022/12/14/vulnerabilities-open-source-dependencies/