1.9.023384.2 MB
GPL-3.0
strict
core22
Vulnerability scanner for project's dependencies
OSV-Scanner is a vulnerability scanner that examines your project's list of dependencies and reports any vulnerabilities that affect the versions you're using.
As of December 2023, it supports lockfiles from C, C++, Dart, Elixir, Go, Java, JavaScript, PHP, Python, R, Ruby, and Rust. It also supports custom lockfiles: simply write some glue code to convert your lockfile into an intermediary JSON file with a particular format, and OSV-Scanner will comprehend the latter.
After confirming that a reported vulnerability is a false positive or discovering mitigations other than upgrading the package, OSV-Scanner provides the option to suppress it so that future runs will not display it.
As of December 2023, it supports lockfiles from C, C++, Dart, Elixir, Go, Java, JavaScript, PHP, Python, R, Ruby, and Rust. It also supports custom lockfiles: simply write some glue code to convert your lockfile into an intermediary JSON file with a particular format, and OSV-Scanner will comprehend the latter.
After confirming that a reported vulnerability is a false positive or discovering mitigations other than upgrading the package, OSV-Scanner provides the option to suppress it so that future runs will not display it.
Update History
1.9.0 (233)13 Dec 2025, 09:47 UTC
14 Dec 2023, 12:51 UTC
15 Oct 2024, 20:48 UTC
13 Dec 2025, 09:47 UTC