Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Full Changelog: https://github.com/google/osv-scanner/compare/v1.7.2...v1.7.3
(There was no GitHub release for this version.)
MakeVersionRequestsWithContext()
Full Changelog: https://github.com/google/osv-scanner/compare/v1.7.0...v1.7.2
This version introduces our new guided remediation feature for npm! Try it with osv-scanner fix today!
Feature #352 Guided Remediation: introducing our new experimental guided remediation feature on the osv-scanner fix subcommand. See our docs for detailed usage instructions.
Feature #805 Include CVSS MaxSeverity in JSON output.
Bug #818 Align GoVulncheck Go version with go.mod.
Bug #797 Don't traverse gitignored dirs for gitignore files.
Full Changelog: https://github.com/google/osv-scanner/compare/v1.6.2...v1.7.0
Feature #694 OSV-Scanner now has subcommands! The base command has been moved to scan (currently the only command is scan). By default, if you do not pass in a command, scan will be used, so the CLI remains backward compatible.
This is a building block for adding the guided remediation feature. See issue #352 for more details!
Feature #776 Add pdm lockfile support.
Full Changelog: https://github.com/google/osv-scanner/compare/v1.6.1...v1.6.2
Feature #694 Add support for NuGet lock files version 2.
Feature #655 Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities.
Feature #702 Created an option to skip/disable upload to code scanning.
Feature #732 Add option to not fail on vulnerability being found for GitHub Actions.
Feature #729 Verify the SPDX licenses passed in to the license allowlist.
Bug #736 Show ecosystem and version, when that information exists, even if the git commit is also shown.
Bug #703 Return an error if both license scanning and local/offline scanning are enabled simultaneously.
Bug #718 Fixed parsing of SBOMs generated by the latest CycloneDX.
Bug #704 Get go stdlib version from go.mod.
Reporter methods to add verbosity levels and to deprecate functions.
Full Changelog: https://github.com/google/osv-scanner/compare/v1.5.0...v1.6.0-alpha3
renv files for the R language ecosystem.
The --experimental-call-analysis flag has now been updated to:
--call-analysis=<language/all>
--no-call-analysis=<language/all>
with call analysis for Go enabled by default. See https://google.github.io/osv-scanner/usage/#scanning-with-call-analysis for the documentation!
Full Changelog: https://github.com/google/osv-scanner/compare/v1.4.3...v1.5.0
Full Changelog: https://github.com/google/osv-scanner/compare/v1.4.2...v1.4.3
Some minor fixes in this release.
yarn.lock files
Full Changelog: https://github.com/google/osv-scanner/compare/v1.4.1...v1.4.2
go version and checks for vulnerabilities in the standard library.
osv-scanner.json for osv-scanner to scan. See our documentation for instructions.
Full Changelog: https://github.com/google/osv-scanner/compare/v1.3.6...v1.4.0