Google announced a vulnerability scanner for Open Source projects.


This week, Google announced a new tool to help open-source developers detect possible vulnerabilities in their projects. The tool is called OSV-Scanner and is available on GitHub. Google had earlier published the Open Source Vulnerability (OSV) schema and launched the accompanying service, an open-source vulnerability database, so the scanner is a further tool to help developers make their software safer.

OSV-Scanner is designed to track security flaws across all the components a piece of software uses. This is useful because much software relies on external libraries to implement some logic rather than developing it from scratch. Each of those libraries may have known or newly discovered vulnerabilities, and the more dependencies the software has, the harder it is to track them manually.

According to the Google Blog, the tool uses information from open and authoritative sources that can receive suggestions from anyone. Currently, the database contains over 38,000 records for major programming language ecosystems, the Linux kernel, Linux distributions, and Android. The information is stored in the machine-readable OSV format.
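To make the matching step concrete, here is an added example (simplified, and not OSV-Scanner's own code): it checks a dependency list against records shaped like the OSV schema's `affected` entries, using explicit `versions` lists and `introduced`/`fixed` range events. The record IDs, package names and the plain dotted-number version comparison are assumptions made for the illustration.

```python
# Added illustration; all records, IDs and package names are constructed sample data.
RECORDS = [
    {"id": "EXAMPLE-0001", "affected": [{
        "package": {"ecosystem": "PyPI", "name": "examplelib"},
        "ranges": [{"type": "ECOSYSTEM", "events": [
            {"introduced": "0"}, {"fixed": "1.2.0"},
            {"introduced": "2.0.0"}, {"fixed": "2.1.5"}]}]}]},
    {"id": "EXAMPLE-0002", "affected": [{
        "package": {"ecosystem": "npm", "name": "demo-parser"},
        "versions": ["3.0.1"]}]},
]
DEPENDENCIES = [
    {"ecosystem": "PyPI", "name": "examplelib", "version": "2.1.0"},  # in 2nd window
    {"ecosystem": "PyPI", "name": "otherlib", "version": "1.0.0"},    # no record
    {"ecosystem": "npm", "name": "demo-parser", "version": "3.0.1"},  # listed version
    {"ecosystem": "npm", "name": "examplelib", "version": "1.0.0"},   # other ecosystem
]

def parse_version(text):
    """Assumption: plain dotted numeric versions, e.g. '2.1.5' -> (2, 1, 5)."""
    return tuple(int(part) for part in text.split("."))

def is_affected(version, events):
    """Replay range events in version order: 'introduced' opens a window, 'fixed' closes it."""
    v, affected = parse_version(version), False
    for event in sorted(events, key=lambda e: parse_version(next(iter(e.values())))):
        if "introduced" in event and v >= parse_version(event["introduced"]):
            affected = True
        elif "fixed" in event and v >= parse_version(event["fixed"]):
            affected = False
    return affected

def scan(dependencies, records):
    """Return sorted (package, version, record id) tuples for affected dependencies."""
    findings = set()
    for dep in dependencies:
        for record in records:
            for entry in record.get("affected", []):
                pkg = entry.get("package", {})
                if (pkg.get("ecosystem"), pkg.get("name")) != (dep["ecosystem"], dep["name"]):
                    continue  # the name must match within the same ecosystem
                listed = dep["version"] in entry.get("versions", [])
                ranged = any(is_affected(dep["version"], r.get("events", []))
                             for r in entry.get("ranges", []))
                if listed or ranged:
                    findings.add((dep["name"], dep["version"], record["id"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in scan(DEPENDENCIES, RECORDS):
        print(finding)
```

Real ecosystems have their own version-ordering rules, so a production matcher needs an ecosystem-aware comparison in place of `parse_version`.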

Detailed information on how to run the tool is available on GitHub. Also, it is already integrated into OpenSSF Scorecard’s Vulnerabilities check, so the Scanner will also check the projects monitored by the Scorecard.
