Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities

From thehackernews.com

OSV-Scanner

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects.

The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect “a project’s list of dependencies with the vulnerabilities that affect them,” Google software engineer Rex Pan in a post shared with The Hacker News.

“The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer’s list of packages and the information in vulnerability databases,” Pan added.

Read more…