A command-line vulnerability scanner written in Go, leveraging the comprehensive data from OSV.dev to detect known vulnerabilities in your project's dependencies.
OSV-Scanner is an open-source command-line interface (CLI) tool designed to scan your software project's dependencies for known vulnerabilities by utilizing the aggregated vulnerability data provided by the OSV.dev project.
Automatically identifying known vulnerabilities in third-party software components is critical but often complex and time-consuming. OSV-Scanner automates this process, making it easy to find and address security issues in dependencies.
It directly queries the OSV.dev database for up-to-date and detailed vulnerability information across various ecosystems.
It analyzes project lockfiles and manifests (e.g., go.mod, package-lock.json, requirements.txt, pom.xml) to identify dependencies.
It is built with Go for speed, efficiency, and easy deployment as a single binary.
OSV-Scanner is a versatile tool applicable in various stages of the software development lifecycle and security management:
Integrate OSV-Scanner into your continuous integration pipeline to automatically scan dependencies whenever code is pushed or merged.
Catch vulnerabilities early in the development process before deployment, reducing remediation costs.
Run the scanner locally on your development machine before committing code to quickly check for new vulnerabilities introduced by added or updated dependencies.
Empower developers to take ownership of dependency security and perform immediate checks.
Use OSV-Scanner to perform one-off or regular security audits of existing codebases, including legacy applications, to identify outdated dependencies with known issues.
Easily assess the security posture of projects for compliance requirements or general security hygiene.