Google launches OSV-Scanner, a new open-source vulnerability database

Patrick Devaney
Dec 15, 2022
Updated • Dec 15, 2022
Google
|
0

Google has launched a new open-source tool designed to give open-source developers access to information that could help them stay on top of potential vulnerabilities that could affect their projects. The OSV-Scanner builds on top of a tool Google developed in 2021 called the OSV.dev service.

Google launches OSV-Scanner

The OSV.dev service is an open-source distributed vulnerability database that conglomerates the different open-source ecosystems and vulnerabilities into a single location and in a machine-readable format. The move marked an important step as unifying open-source vulnerabilities and databases in this way had proven challenging with each using their own format. Describing the move in June last year, Google said:

“With this schema we hope to define a format that all vulnerability databases can export. A unified format means that vulnerability databases, open-source users, and security researchers can easily share tooling and consume vulnerabilities across all of open-source. This means a more complete view of vulnerabilities in open source for everyone, as well as faster detection and remediation times resulting from easier automation.”

ADVERTISEMENT

The news OSV-Scanner tool marks the next step in this journey as it offers what Google is calling an “officially supported front end to the OSV database”. As mentioned above, the huge numbers and varieties of formats were a challenge to compile together but they are also a challenge to keep track of. This necessitates the automation of the task, which is where this new scanner tool comes in:

“The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer’s list of packages and the information in vulnerability databases.”

According to the Google blog post announcing the new OSV-scanner, the OSV.dev database is now the biggest open-source vulnerability database of its kind, containing over 38,000 advisories. This has jumped up from 15,000 advisories just a year ago.

Summary
Google launches OSV-Scanner, a new open-source vulnerability database
Article Name
Google launches OSV-Scanner, a new open-source vulnerability database
Description
Google has launched a new open-source tool designed to give open-source developers access to information on potential vulnerabilities that could affect their projects.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.