Google releases OSV tool to scan open source software for vulnerabilities
Google has released a tool that helps developers of open source software discover vulnerabilities in their code more quickly. The tool is called OSV Scanner and is based on Go.
OSV stands for Open Source Vulnerability. OSV Scanner uses the OSV database that Google set up last year, an open source database that collects information about known vulnerabilities. Google calls OSV Scanner ‘an officially supported frontend’ for that database; the OSV website describes the database's API.
The tool that the company is now releasing is intended for developers of open source software who use external libraries and dependencies. OSV Scanner checks all of those dependencies against the known vulnerabilities recorded in the database. To determine which dependencies are in use, the scanner reads manifests and commit hashes, among other things. Those vulnerabilities are then also checked against the OpenSSF Scorecard database.
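To make the matching step described above concrete, here is an added example (not code from OSV Scanner or Google): it reads a constructed `requirements.txt`, builds the request body the public OSV API accepts at `POST https://api.osv.dev/v1/querybatch`, and checks each pinned version against constructed records written in the OSV schema's `affected`/`ranges`/`events` shape. The vulnerability ids and the version-comparison helper are simplified placeholders for the sample, not real advisories.

```python
# Constructed sample manifest (not a real project).
REQUIREMENTS = """\
requests==2.25.1
urllib3==1.26.5
# comment lines and blanks are ignored
flask==2.2.2
"""

# Constructed records in the shape of the OSV schema; ids are placeholders, not real advisories.
OSV_RECORDS = [
    {"id": "EXAMPLE-0001", "summary": "constructed example advisory",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "urllib3"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "0"}, {"fixed": "1.26.6"}]}]}]},
    {"id": "EXAMPLE-0002", "summary": "constructed example advisory",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "requests"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "2.26.0"}, {"fixed": "2.27.0"}]}]}]},
]

def parse_requirements(text):
    """Extract (name, version) pairs from pinned '==' lines; skip comments and blanks."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" in line:
            name, version = line.split("==", 1)
            deps.append((name.strip().lower(), version.strip()))
    return deps

def build_querybatch(deps, ecosystem="PyPI"):
    """Request body for the real OSV endpoint POST https://api.osv.dev/v1/querybatch."""
    return {"queries": [{"package": {"ecosystem": ecosystem, "name": n}, "version": v}
                        for n, v in deps]}

def _ver(v):
    # Simplified comparison (dotted integers only); real ecosystems need their own version rules.
    return tuple(int(p) for p in v.split("."))

def version_in_range(version, events):
    """Walk OSV range events in order: 'introduced' opens an affected interval, 'fixed' closes it."""
    affected = False
    for ev in events:
        if "introduced" in ev and (ev["introduced"] == "0" or _ver(version) >= _ver(ev["introduced"])):
            affected = True
        if "fixed" in ev and _ver(version) >= _ver(ev["fixed"]):
            affected = False
        if "last_affected" in ev and _ver(version) > _ver(ev["last_affected"]):
            affected = False
    return affected

def match(deps, records, ecosystem="PyPI"):
    """Return (name, version, vuln_id) for every dependency that falls in an affected range."""
    hits = []
    for name, version in deps:
        for rec in records:
            for aff in rec["affected"]:
                pkg = aff["package"]
                if pkg["ecosystem"] != ecosystem or pkg["name"].lower() != name:
                    continue
                in_range = any(version_in_range(version, r["events"])
                               for r in aff.get("ranges", []) if r["type"] == "ECOSYSTEM")
                if in_range or version in aff.get("versions", []):
                    hits.append((name, version, rec["id"]))
    return hits
```

Only `urllib3==1.26.5` matches here: it sits inside `[0, 1.26.6)`, while `requests==2.25.1` is below the `2.26.0` start of its record's range.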
The tool is written in Go, and its source code is open source and available on GitHub. In the future, the company wants to add continuous integration actions to the tool so that scans can be scheduled, for example. Support for scanning C and C++ code will also be expanded, and support for VEX reports will be added. When that will happen is not yet known.