Software · 2022-12-30

Google’s new open source vulnerability tool

Google has released “OSV-Scanner”, an open-source front end to the Open Source Vulnerability (OSV) database.

The OSV database is a distributed, open-source database that stores vulnerability data in the OSV format. OSV-Scanner compares a project’s dependencies against the OSV database to find all vulnerabilities that apply to the project.

When run on a project, OSV-Scanner first determines which dependencies are in use by inspecting manifests, software bills of materials (SBOMs), and commit hashes. It then uses this data to query the OSV database and report any vulnerabilities that affect the project. Results are presented as a table or, optionally, in the JSON-based OSV format.
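The flow described above, as an added example (not OSV-Scanner's own code): it reads a pinned manifest, builds the request body for the public OSV API's `querybatch` endpoint, and matches the dependencies offline against a record in the OSV JSON format. The manifest, the package names and the `EXAMPLE-0000-0001` record are constructed, and matching uses only a record's explicit `versions` list, not its version ranges.

```python
import json

# Constructed sample input: a pinned Python manifest (requirements.txt style).
MANIFEST = """\
# constructed example manifest
examplelib==1.2.0
otherpkg==4.0.1
"""

# Constructed record in the OSV JSON format (placeholder id, not a real advisory).
OSV_RECORDS = [{
    "id": "EXAMPLE-0000-0001",
    "affected": [{
        "package": {"ecosystem": "PyPI", "name": "examplelib"},
        "versions": ["1.1.0", "1.2.0"],
    }],
}]

def parse_manifest(text, ecosystem="PyPI"):
    """Return (ecosystem, name, version) for each pinned 'name==version' line."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if "==" in line:
            name, version = (p.strip() for p in line.split("==", 1))
            deps.append((ecosystem, name.lower(), version))
    return deps

def build_querybatch(deps):
    """Body for POST https://api.osv.dev/v1/querybatch (built here, not sent)."""
    return {"queries": [{"package": {"ecosystem": e, "name": n}, "version": v}
                        for e, n, v in deps]}

def match_offline(deps, records):
    """Match dependencies against OSV records via the explicit 'versions' list."""
    findings = []
    for eco, name, version in deps:
        for rec in records:
            for aff in rec.get("affected", []):
                pkg = aff.get("package", {})
                same = (pkg.get("ecosystem"), pkg.get("name", "").lower()) == (eco, name)
                if same and version in aff.get("versions", []):
                    findings.append({"id": rec["id"], "package": name, "version": version})
    return findings

if __name__ == "__main__":
    deps = parse_manifest(MANIFEST)
    print(json.dumps(build_querybatch(deps)))
    print(json.dumps(match_offline(deps, OSV_RECORDS)))
```
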
