OSV-Scanner

Certified 100% FREE Apache License 2.0   

Match all your project's dependencies to the open-source OSV database to identify existing vulnerabilities that might impact them.

Softpedia Review

4.0/5

The Open-Source Vulnerability database or, in short, OSV, is an initiative that delivers vulnerability information for the open-source community in OSV format. Aiming to make it easier for developers to find vulnerabilities that might affect their projects, Google created OSV-Scanner, which works as a front-end for the OSV database.

Released under an open-source license itself, OSV-Scanner delivers a powerful console application that can analyze manifest files, commits and software bills of materials (SBOMs) to match the project's dependencies against the OSV database. The tool reports the vulnerabilities recorded in the distributed OSV database that relate to any of the project files. Needless to say, finding vulnerabilities results in fewer error notifications and a significant reduction in the time needed to address them.

There is no need to install OSV-Scanner, as it is ready for use via the Windows terminal. You can use the “--help” option to see a list of all the actions and details about each.

You can scan Docker images, package lockfiles (yarn.lock, composer.lock, Gemfile.lock, go.mod, mix.lock, poetry.lock, requirements.txt, and more), as well as software bill of materials (SBOM) files (SPDX and CycloneDX are supported) with OSV-Scanner. When analyzing a project, this small utility detects all the dependencies that are in use and then queries the OSV database to determine any vulnerability associated with them. Git repositories can be optionally excluded from the analysis. In recursive mode, OSV-Scanner also scans sub-directories, not just main folders.

As for the output, the list of vulnerabilities is shown by default in a human-readable tabular format. However, you can also configure OSV-Scanner to generate a JSON file containing all the data, as the JSON schema is versatile and machine readable.
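As an added example (not part of the original review or of the OSV-Scanner project), the Python code below shows how the JSON report can be consumed in a build step: it flattens the findings per advisory group and filters out advisories already accepted as a risk. The report layout (results, source, packages, groups) is an assumption about the 1.x JSON output, and the embedded report with its EXAMPLE- identifiers is constructed.

```python
import json

# Constructed sample, shaped like the report layout assumed above.
SAMPLE_REPORT = json.loads("""
{"results": [
  {"source": {"path": "app/requirements.txt", "type": "lockfile"},
   "packages": [
     {"package": {"name": "examplelib", "version": "1.2.0", "ecosystem": "PyPI"},
      "vulnerabilities": [{"id": "EXAMPLE-0001"}, {"id": "EXAMPLE-ALIAS-0001"},
                          {"id": "EXAMPLE-0002"}],
      "groups": [{"ids": ["EXAMPLE-0001", "EXAMPLE-ALIAS-0001"]},
                 {"ids": ["EXAMPLE-0002"]}]}]},
  {"source": {"path": "web/yarn.lock", "type": "lockfile"},
   "packages": [
     {"package": {"name": "example-js", "version": "0.9.1", "ecosystem": "npm"},
      "vulnerabilities": [{"id": "EXAMPLE-0003"}]}]}
]}
""")


def findings(report):
    """Flatten the report into one finding per advisory group."""
    out = []
    for result in report.get("results", []):
        source = result.get("source", {}).get("path", "<unknown>")
        for entry in result.get("packages", []):
            pkg = entry.get("package", {})
            # Prefer alias groups so one issue is not counted twice;
            # fall back to one group per vulnerability record.
            groups = entry.get("groups") or [
                {"ids": [v["id"]]} for v in entry.get("vulnerabilities", [])]
            for group in groups:
                out.append({"source": source,
                            "package": f'{pkg.get("name")}@{pkg.get("version")}',
                            "ecosystem": pkg.get("ecosystem"),
                            "ids": sorted(group.get("ids", []))})
    return out


def unaccepted(report, accepted_ids=frozenset()):
    """Findings with no id in the accepted-risk set; non-empty means fail the build."""
    return [f for f in findings(report) if not accepted_ids.intersection(f["ids"])]


if __name__ == "__main__":
    for f in unaccepted(SAMPLE_REPORT, accepted_ids={"EXAMPLE-0002"}):
        print(f'{f["source"]}: {f["package"]} ({f["ecosystem"]}) {", ".join(f["ids"])}')
```

Grouping by alias keeps one issue published under several identifiers from being counted more than once, and accepting any identifier in a group accepts the whole group.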

Google’s OSV-Scanner can be used by developers who need to interrogate the OSV database to find vulnerabilities that affect their projects. An easy-to-use API is also available for interrogating the database, but a command-line tool such as OSV-Scanner is more convenient for scanning SBOMs, lockfiles or directories recursively.

What's new in OSV-Scanner 1.7.2:

  • Fixes:
      • Bug #899 Guided Remediation: Parse paths in npmrc auth fields correctly.
      • Bug #908 Fix rust call analysis by explicitly disabling stripping of debug info.
      • Bug #914 Fix regression for go call analysis introduced in 1.7.0.

OSV-Scanner 1.7.2

  • Price: Free
  • Runs on: Windows 11, Windows 10 64 bit
  • File size: 28.9 MB
  • Filename: osv-scanner_windows_amd64.exe
  • Main category: Security