Vulnerability scanner written in Go which uses the data provided by https://osv.dev
go version and checks for vulnerabilities in the standard library.
osv-scanner.json for osv-scanner to scan. See our documentation for instructions.
Full Changelog: https://github.com/google/osv-scanner/compare/v1.3.6...v1.4.0
models.PURLToPackage(), and deprecate osvscanner.PURLToPackage().
PURLToPackage not returning the full namespace of packages in ecosystems that use them (e.g. golang).
Full Changelog: https://github.com/google/osv-scanner/compare/v1.3.5...v1.3.6
Full Changelog: https://github.com/google/osv-scanner/compare/v1.3.4...v1.3.5
Full Changelog: https://github.com/google/osv-scanner/compare/v1.3.3...v1.3.4
--hash.
pkg/osv to allow overriding the http client / transport
Full Changelog: https://github.com/google/osv-scanner/compare/v1.3.2...v1.3.3
--sbom.
Full Changelog: https://github.com/google/osv-scanner/compare/v1.3.1...v1.3.2
Full Changelog: https://github.com/google/osv-scanner/compare/v1.3.0...v1.3.1
--experimental-call-analysis flag.
-r flag in requirements.txt files.
IgnoredVulns also ignore aliases.
file: dependencies in pnpm lockfiles.
Pipenv.lock files.
Full Changelog: https://github.com/google/osv-scanner/compare/v1.2.0...v1.3.0
/var/lib/dpkg/status. Thanks @cmaritan
--lockfile.
--format flag.
.gitignore files by default when scanning.
conan.lock lockfiles and ecosystem Thanks @SSE4
Full Changes: https://github.com/google/osv-scanner/compare/v1.1.0...v1.2.0
This update adds support for NuGet ecosystem and various bug fixes by the community.
Full Changelog: https://github.com/google/osv-scanner/compare/v1.0.2...v1.1.0