scanner

module
v0.0.0-...-76b7708 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 17, 2022 License: Apache-2.0

README

Vulnerability scanner (preview)

This contains a vulnerability scanner written in Go.

This tool is currently under development and is subject to change.

Installing

$ go install github.com/google/osv.dev/tools/scanner@latest

Scanning an SBOM

SPDX and CycloneDX SBOMs using Package URLs are supported. The format is auto-detected based on the input file contents.

$ go run cmd/scanner.go /path/to/your/sbom.json

Scanning a directory

Given a list of directories, this tool will recursively search for git repositories and make requests to OSV to determine affected vulnerabilities.

This is intended to work with projects that use git submodules or a similar mechanism where dependencies are checked out as real git repositories.

Example
$ go run cmd/scanner.go /path/to/your/repo

Directories

Path Synopsis
internal
osv
sbom

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.