OSV-Scanner A free vulnerability scanner for open-source software


Google has announced the OSV-Scanner, a free command line vulnerability scanner that open source developers may use to scan the dependencies of their projects for vulnerabilities. This comes after the Open Source Vulnerabilities database (OSV.dev) was made available in February. Rex Pan, a software engineer with the Google Open Source Security Team, noted that “OSV.dev allows all the many open source ecosystems and vulnerability databases to post and consume information in one simple, precise, and machine readable manner.”

Read More…