ENNAENNA

OSV-Scanner

Apache-2.0

Vulnerability Scanning · Go

OSV-Scanner is Google's open-source dependency vulnerability scanner that checks your project's packages against the OSV.dev vulnerability database. Unlike Snyk or GitHub Dependabot which focus on specific ecosystems, OSV-Scanner covers virtually every package manager — npm, PyPI, RubyGems, Go modules, Cargo, Maven, NuGet, pub, and more — using a single unified database format. It scans lockfiles, SBOMs, Docker images, and source directories, producing machine-readable JSON output suitable for CI/CD integration. The guided remediation feature suggests the minimum version bumps needed to fix all vulnerabilities simultaneously, avoiding dependency hell. OSV-Scanner is designed for supply chain security at scale, with offline scanning support and SBOM generation. With nearly 9,000 GitHub stars, it is becoming a standard part of secure development pipelines alongside Trivy and Grype.

8.7kstars
560forks
111issues
Updated 1d ago
View on GitHubOfficial Website

Installation

$ go install github.com/google/osv-scanner/cmd/osv-scanner@latest

Use Cases

  • CI/CD dependency vulnerability scanning
  • Supply chain security auditing
  • License compliance checking

Tags

dependency-scanningscasupply-chaincvescannersecurity-auditsecurity-toolsvulnerability-scanner

Details

Category
Vulnerability Scanning
Language
Go
License
Apache-2.0
Platforms
🐧linux🍎macos🪟windows

Links

GitHub Repository

github.com/google/osv-scanner

Official Website

google.github.io/osv-scanner

Releases

github.com/google/osv-scanner/releases

Issues

github.com/google/osv-scanner/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

No reviews yet. Be the first to review OSV-Scanner.

Alternatives & Comparisons

Trivy

Go

Comprehensive vulnerability scanner for containers, filesystems, git repos, and Kubernetes with SBOM generation.

Compare OSV-Scanner vs Trivy

Grype

Go

Vulnerability scanner for container images and filesystems that matches installed packages against known CVEs.

Compare OSV-Scanner vs Grype

More in Vulnerability Scanning

Nuclei

Go

Fast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.

template-basedcvemisconfig

sqlmap

Python

Automatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws.

sql-injectiondatabaseautomated

WPScan

Ruby

WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.

wordpressplugin-enumcve

OpenVAS

C

Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.

enterprisenvtcompliance

XSStrike

Python

Advanced XSS detection suite. Fuzzing engine, context analysis, and WAF detection/bypass capabilities.

xsswaf-bypassfuzzing

Commix

Python

Automated OS command injection exploitation tool. Tests web apps for command injection vulnerabilities.

command-injectionautomatedweb-app