A command-line vulnerability scanner written in Go, leveraging the comprehensive data from OSV.dev to detect known vulnerabilities in your project's dependencies.
OSV-Scanner is an open-source command-line interface (CLI) tool designed to scan your software project's dependencies for known vulnerabilities by utilizing the aggregated vulnerability data provided by the OSV.dev project.
Automatically identifying known vulnerabilities in third-party software components is critical but often complex and time-consuming. OSV-Scanner automates this process, making it easy to find and address security issues in dependencies.
Directly queries the OSV.dev database for up-to-date and detailed vulnerability information across various ecosystems.
Analyzes project lockfiles and manifests (e.g., go.mod, package-lock.json, requirements.txt, pom.xml) to identify dependencies.
Built with Go for speed, efficiency, and easy deployment as a single binary.
OSV-Scanner is a versatile tool applicable in various stages of the software development lifecycle and security management:
Integrate OSV-Scanner into your continuous integration pipeline to automatically scan dependencies whenever code is pushed or merged.
Catch vulnerabilities early in the development process before deployment, reducing remediation costs.
Run the scanner locally on your development machine before committing code to quickly check for new vulnerabilities introduced by added or updated dependencies.
Empower developers to take ownership of dependency security and perform immediate checks.
Use OSV-Scanner to perform one-off or regular security audits of existing codebases, including legacy applications, to identify outdated dependencies with known issues.
Easily assess the security posture of projects for compliance requirements or general security hygiene.