osv-scanner

Definition

OSV-Scanner is a vulnerability scanner that identifies known vulnerabilities in a project's open-source dependencies by querying the Open Source Vulnerability (OSV) database. It reads project manifests and lockfiles, matches the resolved package versions against OSV advisories, and reports the affected packages so developers can remediate vulnerabilities in their software supply chain.

Secure Settings Example

# Run OSV-Scanner with a specific lockfile to ensure all dependencies are checked
osv-scanner --lockfile=package-lock.json

Insecure Settings Example

# Running OSV-Scanner without specifying a lockfile may leave some dependencies unscanned
osv-scanner