Summary: Google has launched OSV-Scanner V2.0.0, an enhanced vulnerability scanning tool that integrates features from OSV-SCALIBR, improving vulnerability detection across various programming ecosystems and container images. This version offers expanded support for diverse dependency types, enhanced container scanning capabilities, an interactive HTML output for better usability, and new guided remediation features for Maven projects. Together, these advancements solidify OSV-Scanner’s critical role in open-source security management.
Affected: Open-source developers and security teams
Keypoints:
- Introduction of OSV-Scanner V2.0.0, offering improved scanning capabilities.
- Integration with OSV-SCALIBR to enhance dependency detection and extraction.
- Layer-aware scanning features for detailed container image analysis.
- Interactive HTML output format to present vulnerability findings in a user-friendly manner.
- Guided remediation features extended to include targeted suggestions for Maven projects.
- Future updates planned to incorporate reachability analysis and VEX support.
Source: https://thecyberexpress.com/google-osv-scanner-tool/