GitHub - google/osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev https://github.com/google/osv-scanner
#opensource #vulnerabilityscanner #google #go #osvscanner
I'd like to try this out sometime. #security #osvscanner #dependencycheck #SecurityScanning
"Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies."
#security #osvscanner #dependencycheck #securityscanning
Is this a tool that can help with web app pentesting? What would you use it for?
https://osv.dev/
#osvscanner #google
One of those days… Trying out the new OSV Scanner (https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html?m=1) by going first for the Windows executable release version of it, finding out that of course it's not signed and then AV says "thou shall not pass".
Trusting person as I am, went for the Linux version, which of course worked like a charm. Interesting looking dependency scanner, though not happy with the default visual output because it completely ignores the severity of the finding. Absolutely no indication if the finding is critical, low or something in between.
#osvscanner
OSV-Scanner:
➡️ Find existing vulnerabilities affecting your project's dependencies.
➡️ Provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them.
➡️ Each advisory comes from an open and authoritative source (e.g. the RustSec Advisory Database)
➡️ Anyone can suggest improvements to advisories, resulting in a very high quality database
➡️ The OSV format unambiguously stores information about affected versions in a machine-readable format that precisely maps onto a developer’s list of packages
Repo:
https://github.com/google/osv-scanner
Blog:
https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html?m=1
#golang
#golang #infosec #websecurity #osv #osvscanner #devsecops