Google has just launched OSV-Scanner, a new tool that is free and open source. It claims that this tool gives developers easy access to, and control over, vulnerability information relevant to their project.
Google launched OSV.dev in 2021. It is a distributed open-source vulnerability database that allows open source ecosystems to publish and consume information together in a machine-readable format.
Google claims that OSV-Scanner is now an officially supported front-end for this OSV database. It links project dependencies to the vulnerabilities that affect them.
What does it offer?
OSV-Scanner also appears to have been integrated with the OpenSSF Scorecard vulnerability check, which means the analysis can extend beyond a project's own vulnerabilities to include those in all of its dependencies.
Software projects often have many third-party dependencies drawn from external software libraries. According to Google, with too many versions to keep track of manually, automation is useful for ensuring security.
Each vulnerability advisory is also sourced from an "open, trusted source", such as the RustSec advisory database.
Google states that anyone can suggest improvements to the advisories, which results in a higher-quality database.
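The matching step described above, linking a pinned dependency to the advisories that affect it, can be sketched against the OSV record layout. This is an added example, not OSV-Scanner's own code: the advisory IDs, package names and dependency pins are constructed, and version parsing is simplified to numeric MAJOR.MINOR.PATCH.

```python
# Constructed advisories laid out like OSV records (IDs and packages are made up).
ADVISORIES = [
    {"id": "EXAMPLE-0001", "affected": [{
        "package": {"ecosystem": "crates.io", "name": "examplelib"},
        "ranges": [{"type": "SEMVER", "events": [
            {"introduced": "0"}, {"fixed": "1.2.4"},
            {"introduced": "2.0.0"}, {"fixed": "2.1.0"}]}]}]},
    {"id": "EXAMPLE-0002", "affected": [{
        "package": {"ecosystem": "crates.io", "name": "otherlib"},
        "versions": ["0.1.0"]}]},
]
# Constructed (ecosystem, name, version) pins, as a lockfile parser might yield.
DEPENDENCIES = [
    ("crates.io", "examplelib", "1.2.3"), ("crates.io", "examplelib", "1.2.4"),
    ("crates.io", "examplelib", "2.0.5"), ("crates.io", "otherlib", "0.1.0"),
    ("crates.io", "otherlib", "0.2.0"),
]

def parse(version):
    """Numeric dotted versions only (assumption); pre-release tags not handled."""
    return tuple(int(part) for part in version.split("."))

def in_range(version, events):
    """Walk sorted events: 'introduced' opens a window, 'fixed' closes it."""
    v, vulnerable = parse(version), False
    for event in sorted(events, key=lambda e: parse(next(iter(e.values())))):
        if "introduced" in event and v >= parse(event["introduced"]):
            vulnerable = True
        elif "fixed" in event and v >= parse(event["fixed"]):
            vulnerable = False
        elif "last_affected" in event and v > parse(event["last_affected"]):
            vulnerable = False
    return vulnerable

def scan(dependencies, advisories):
    """Return (name, version, advisory id) for every affected dependency."""
    findings = []
    for ecosystem, name, version in dependencies:
        for adv in advisories:
            for aff in adv["affected"]:
                pkg = aff["package"]
                if (pkg["ecosystem"], pkg["name"]) != (ecosystem, name):
                    continue
                listed = version in aff.get("versions", [])
                ranged = any(in_range(version, r["events"])
                             for r in aff.get("ranges", []) if r["type"] == "SEMVER")
                if listed or ranged:
                    findings.append((name, version, adv["id"]))
                    break  # one finding per advisory is enough
    return findings

if __name__ == "__main__":
    for finding in scan(DEPENDENCIES, ADVISORIES):
        print(*finding)
```

The second vulnerable window (2.0.0 up to 2.1.0) is the case a naive "below the fixed version" comparison gets wrong: 1.2.4 is clean while 2.0.5 is affected again.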
To learn more about OSV-Scanner, you can follow the instructions on its website or read the GitHub repository.
It is not surprising that Google is looking to invest in open source security, as open source vulnerabilities are still a key point through which hackers are able to break into systems.
In fact, a report compiled by cybersecurity firm Snyk in association with the Linux Foundation found that 41 percent of companies are not confident about the security of their open source code.
This lack of trust hampers the adoption of open source software, the use of which by many companies actually decreased 5%, from 95% in 2021 to 90% this year.