iosifache/osv-scanner-snap

Vulnerability scanner for a project's dependencies

Description

OSV-Scanner is a vulnerability scanner that examines your project's list of dependencies and reports any vulnerabilities that affect the versions you're using. The goal of this repository is to package OSV-Scanner as a (community) snap that can be effortlessly installed across a variety of Linux distributions.

Get it from the Snap Store

Notice: For the officially recommended method of installing the tool, refer to the OSV-Scanner documentation.

As of December 2023, it supports lockfiles from C, C++, Dart, Elixir, Go, Java, JavaScript, PHP, Python, R, Ruby, and Rust. It also supports custom lockfiles: write some glue code to convert your lockfile into an intermediary JSON file with a particular format, and OSV-Scanner will scan that file instead.
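A sketch of such glue code, added here as an example (it is not part of this repository or of OSV-Scanner). The input lockfile format, with one "ecosystem name version" entry per line, is hypothetical, and the output layout (results, packages, package with name/version/ecosystem or name/commit) is an assumption based on the OSV-Scanner documentation, which should be checked for the version in use.

```python
import json
import re

# Constructed sample of a hypothetical in-house lockfile:
# "<ecosystem> <name> <version>", or "git <repo> <commit>" for source pins.
SAMPLE_LOCK = """\
# deps.lock (constructed sample)
npm react 1.2.3
PyPI requests 2.31.0
git github.com/example/lib 0123456789abcdef0123456789abcdef01234567

npm react 1.2.3   # duplicate entry
"""

COMMIT_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_custom_lock(text):
    """Return de-duplicated package entries in the assumed OSV-Scanner layout."""
    seen, packages = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            # Fail closed: a silently skipped line is a dependency
            # that would never be checked for vulnerabilities.
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        ecosystem, name, ref = fields
        if ecosystem == "git":
            if not COMMIT_RE.match(ref):
                raise ValueError(f"line {lineno}: git entries need a 40-hex commit")
            package = {"name": name, "commit": ref}
        else:
            package = {"name": name, "version": ref, "ecosystem": ecosystem}
        key = tuple(sorted(package.items()))
        if key not in seen:
            seen.add(key)
            packages.append({"package": package})
    return packages


def to_osv_scanner_json(text):
    """Serialize the parsed entries as the intermediary JSON document."""
    return json.dumps({"results": [{"packages": parse_custom_lock(text)}]}, indent=2)


if __name__ == "__main__":
    print(to_osv_scanner_json(SAMPLE_LOCK))
```

Save the output as osv-scanner.json and pass it with osv-scanner --lockfile osv-scanner:/path/to/osv-scanner.json (flag syntax as given in the OSV-Scanner documentation).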

After confirming that a reported vulnerability is a false positive or discovering mitigations other than upgrading the package, OSV-Scanner provides the option to suppress it so that future runs will not display it.

Local Build

  1. Clone this repository: git clone https://github.com/iosifache/osv-scanner-snap
  2. Move into the cloned repository: cd osv-scanner-snap
  3. Install Snapcraft: sudo snap install snapcraft --classic
  4. Build the snap: snapcraft --verbose
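  5. Install the snap: snap install --dangerous ./osv-scanner_*.snap (the --dangerous flag is needed because a locally built snap is unsigned, so snapd cannot verify it against Snap Store assertions)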
  6. Test the snap by running the osv-scanner command: osv-scanner