GRC Viewpoint

Google Launches New OSV Scanner

There is a new launch by Google, an OSV Scanner. The scanner can be best described as an innovative tool that permits developers to scan for susceptibilities concerning open-source software dependencies that are part of their projects.

According to Google, the next stage for OSV Scanner is to enhance C/C++ vulnerability support, take on a very complex software ecosystem, and integrate standalone CI operations to make scheduling scans simple.

OSV Scanner can be downloaded from the osv. Dev website or GitHub for no cost and without any limitations.

READ MORE: Western Networks Are Being Leveraged by Russian Hackers to Attack Ukraine

Here are more details about the new OSV scanner.

The scanner is equipped with the ability to draw data from OSV.dev. The OSV. Dev is relatively new and was released by Google last year. The OSV.dev is the distributed susceptibility database for open-source code.

The database was introduced to extend relevant information on known security concerns impacting the open-source code.

READ MORE: Why Should Your Enterprise Care About Firmware Security?

“The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer’s list of packages and the information in vulnerability databases. The scanner uses openly distributed advisories from authoritative and reliable sources following the OSV schema for vulnerability triage in the installed package version,” informs the announcement. 

Related Articles

Latest Articles