After releasing the Open Source Vulnerabilities database (OSV.dev) in February, Google has launched the OSV-Scanner, a free command line vulnerability scanner that open source developers can use to check for vulnerabilities in their projects’ dependencies.

Finding vulnerabilities in open-source dependencies

“OSV.dev allows all the different open source ecosystems and vulnerability databases to publish and consume information in one simple, precise, and machine readable format,” explained Rex Pan, a software engineer with the Google Open Source …
The post OSV-Scanner: A free vulnerability scanner for open-source software appeared first on Help Net Security.