OSV-Scanner is a vulnerability scanner that examines your project's list of dependencies and reports any vulnerabilities that affect the versions you're using. The goal of this repository is to package OSV-Scanner as a (community) snap that can be effortlessly installed across a variety of Linux distributions.
Notice: If you want to view the officially recommended method of installing of the tool, refer to the OSV-Scanner documentation.
As of December 2023, it supports lockfiles from C, C++, Dart, Elixir, Go, Java, JavaScript, PHP, Python, R, Ruby, and Rust. It also supports custom lockfiles: simply write some glue code to convert your lockfile into an intermediary JSON file with a particular format, and OSV-Scanner will comprehend the latter.
After confirming that a reported vulnerability is a false positive or discovering mitigations other than upgrading the package, OSV-Scanner provides the option to suppress it so that future runs will not display it.
- Clone this repository:
git clone https://github.com/iosifache/osv-scanner-snap - Move into the cloned repository:
cd osv-scanner-snap - Install Snapcraft:
sudo snap install snapcraft --classic - Build the snap:
snapcraft --verbose - Install the snap:
snap install --dangerous ./osv-scanner_*.snap - Test the snap by running the
osv-scannercommand:osv-scanner