osv-scanner

module

v1.9.1 Latest Latest Go to latest Published: Oct 30, 2024 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/osv-scanner

Links

Open Source Insights

README ¶

OSV-Scanner

Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.

OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since the OSV.dev database is open source and distributed, it has several benefits in comparison with closed source advisory databases and scanners:

Each advisory comes from an open and authoritative source (e.g. the RustSec Advisory Database)
Anyone can suggest improvements to advisories, resulting in a very high quality database
The OSV format unambiguously stores information about affected versions in a machine-readable format that precisely maps onto a developer’s list of packages

The above all results in fewer, more actionable vulnerability notifications, which reduces the time needed to resolve them. Check out our announcement blog post for more details!

Documentation

Read our detailed documentation to learn how to use OSV-Scanner.

Go toolchain compatibility policy

We aim to keep the osv-scanner library packages compatible with supported versions of Go (last 2 Go releases), while always building osv-scanner binaries with the latest version of Go.

Contribute

Report Problems

If you have what looks like a bug, please use the GitHub issue tracking system. Before you file an issue, please search existing issues to see if your issue is already covered.

Contributing code to `osv-scanner`

See CONTRIBUTING.md for documentation on how to contribute code.

Star History

Directories ¶

Path	Synopsis
cmd
osv-reporter
osv-scanner
osv-scanner/fix
osv-scanner/scan
osv-scanner/update
internal
cachedregexp
ci
config
customgitignore
depsdev
grouper
identifiers
image
local
manifest
output
output/sbom
remediation
remediation/relax
remediation/suggest
remediation/upgrade
resolution
resolution/client
resolution/clienttest
resolution/datasource
resolution/lockfile
resolution/manifest
resolution/util
sbom
semantic
sourceanalysis
sourceanalysis/govulncheck
spdx Code generated by gen.go.	Code generated by gen.go.
testutility
thirdparty/ar
thirdparty/xml Package xml implements a simple XML 1.0 parser that understands XML name spaces.	Package xml implements a simple XML 1.0 parser that understands XML name spaces.
tui
url
utility/maven
utility/purl
utility/results
utility/severity
utility/vulns
version
pkg
config Deprecated: this is now private and should not be used outside the scanner	Deprecated: this is now private and should not be used outside the scanner
depsdev Deprecated: this is now private and should not be used outside the scanner	Deprecated: this is now private and should not be used outside the scanner
grouper Deprecated: this is now private and should not be used outside the scanner	Deprecated: this is now private and should not be used outside the scanner
lockfile
models
osv
osvscanner
reporter
spdx Code generated by gen.go.	Code generated by gen.go.
scripts
generate_mock_resolution_universe

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL