Google Releases Major Update for Open Source Vulnerability Scanner

Summary: Google has launched OSV-Scanner V2.0.0, an enhanced version of its vulnerability scanner for open source developers. This update integrates features from OSV-SCALIBR, improving scan capabilities for code and container images while offering interactive HTML outputs and guided remediation support. The tool aims to bolster security within the open source ecosystem by providing detailed insights and remediation paths for vulnerabilities.

Affected: Open source developers and projects

Key points:

  • Integration of OSV-SCALIBR features into OSV-Scanner V2.0.0 for enhanced scanning capabilities.
  • Support for extracting source manifests, lockfiles, and various artifacts from multiple programming languages.
  • New interactive HTML output format providing detailed scan information such as the advisories behind each finding and their vulnerability severity.
  • Guided remediation support for Maven, including capabilities to manage dependencies in pom.xml files.
  • Plans for future expansions to include more ecosystems and advanced features such as reachability analysis and Vulnerability Exploitability eXchange (VEX) support.
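The interactive HTML report described above is for humans; in a pipeline the same scan is normally run with `--format json` and the report is gated by policy. The following is an added example, not code from the article or from the OSV-Scanner project, that flattens an OSV-Scanner JSON report into one finding per vulnerability group and fails the build when any group meets a CVSS threshold. It assumes the report layout OSV-Scanner documents for its JSON output (`results[].source.path`, `results[].packages[].package`, `results[].packages[].groups[].ids` and `.max_severity`, the last being a CVSS base score as a string, empty when no score is known). The sample report, package names and vulnerability IDs are constructed placeholders; the `report.json` filename is an assumption.

```python
"""Triage an OSV-Scanner JSON report in CI.

Added example, not part of the article or of OSV-Scanner. Assumes the report
layout OSV-Scanner documents for `--format json`: results[].source.path,
results[].packages[].package{name,version,ecosystem} and
results[].packages[].groups[]{ids,max_severity}. A group bundles advisories
that describe the same flaw (e.g. a GHSA entry and its CVE alias);
max_severity is a CVSS base score as a string, "" when no score is known.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample report: package names and IDs are placeholders, not real advisories.
SAMPLE_REPORT = r"""
{"results": [
  {"source": {"path": "/src/app/package-lock.json", "type": "lockfile"},
   "packages": [
     {"package": {"name": "example-http", "version": "1.2.3", "ecosystem": "npm"},
      "vulnerabilities": [{"id": "EXAMPLE-2025-0001", "aliases": ["CVE-EXAMPLE-0001"], "summary": "placeholder"}],
      "groups": [{"ids": ["EXAMPLE-2025-0001", "CVE-EXAMPLE-0001"], "aliases": ["CVE-EXAMPLE-0001"], "max_severity": "9.8"}]},
     {"package": {"name": "example-yaml", "version": "0.9.0", "ecosystem": "npm"},
      "vulnerabilities": [{"id": "EXAMPLE-2025-0002", "aliases": [], "summary": "placeholder"}],
      "groups": [{"ids": ["EXAMPLE-2025-0002"], "aliases": [], "max_severity": "5.3"}]}]},
  {"source": {"path": "/src/app/go.mod", "type": "lockfile"},
   "packages": [
     {"package": {"name": "example.com/legacy/lib", "version": "0.1.0", "ecosystem": "Go"},
      "vulnerabilities": [{"id": "EXAMPLE-2025-0003", "aliases": [], "summary": "placeholder"}],
      "groups": [{"ids": ["EXAMPLE-2025-0003"], "aliases": [], "max_severity": ""}]}]}
]}
"""


@dataclass
class Finding:
    source: str
    ecosystem: str
    name: str
    version: str
    ids: List[str]
    max_severity: Optional[float]  # None when the scanner reported no score


def parse_findings(report: dict) -> List[Finding]:
    """Flatten the nested report into one Finding per vulnerability group."""
    findings: List[Finding] = []
    for result in report.get("results", []):
        source = result.get("source", {}).get("path", "<unknown>")
        for pkg in result.get("packages", []):
            meta = pkg.get("package", {})
            groups = pkg.get("groups") or []
            if not groups:
                # Minimal output without grouping: treat each vulnerability as its own unscored group.
                groups = [{"ids": [v["id"]], "max_severity": ""} for v in pkg.get("vulnerabilities", [])]
            for group in groups:
                raw = (group.get("max_severity") or "").strip()
                try:
                    score: Optional[float] = float(raw) if raw else None
                except ValueError:
                    score = None  # malformed score: treat as unscored, never as "safe"
                findings.append(Finding(source, meta.get("ecosystem", "<unknown>"),
                                        meta.get("name", "<unknown>"), meta.get("version", "<unknown>"),
                                        list(group.get("ids", [])), score))
    return findings


def severity_bucket(score: Optional[float]) -> str:
    """Map a CVSS v3 base score onto the standard qualitative rating."""
    if score is None:
        return "unscored"
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"critical": 0, "high": 0, "medium": 0, "low": 0, "unscored": 0}
    for f in findings:
        counts[severity_bucket(f.max_severity)] += 1
    return counts


def should_fail(findings: List[Finding], threshold: float = 7.0, fail_on_unscored: bool = True) -> bool:
    """Gate policy: any group at or above the threshold fails the build.
    Unscored groups fail by default, because "no score" is not "no risk"."""
    for f in findings:
        if f.max_severity is None:
            if fail_on_unscored:
                return True
        elif f.max_severity >= threshold:
            return True
    return False


def load_sample() -> List[Finding]:
    return parse_findings(json.loads(SAMPLE_REPORT))


if __name__ == "__main__":
    import sys
    # Usage (assumed filename): osv-scanner ... --format json --output report.json && python gate.py report.json
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else json.loads(SAMPLE_REPORT)
    found = parse_findings(data)
    for f in found:
        print(f"{severity_bucket(f.max_severity):8} {f.ecosystem}/{f.name}@{f.version} {','.join(f.ids)} ({f.source})")
    print("summary:", summarize(found))
    sys.exit(1 if should_fail(found) else 0)
```

Gating on the group rather than on each advisory avoids counting a GHSA entry and its CVE alias twice, and treating an empty `max_severity` as a failure keeps a missing score from silently passing the build; relax `fail_on_unscored` only with an explicit triage process behind it.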

Source: https://www.securityweek.com/google-releases-major-update-for-open-source-vulnerability-scanner/