EN
ENNA

OSV-Scanner

Apache-2.0

โšก Vulnerability Scanning ยท Go

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

8.7kstars
560forks
110issues
Updated today
View on GitHubOfficial Website

Installation

$ go install github.com/google/osv-scanner/cmd/osv-scanner@latest

Use Cases

  • CI/CD dependency vulnerability scanning
  • Supply chain security auditing
  • License compliance checking

Tags

dependency-scanningscasupply-chaincvescannersecurity-auditsecurity-toolsvulnerability-scanner

Details

Category
โšก Vulnerability Scanning
Language
Go
License
Apache-2.0
Platforms
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Links

GitHub Repository

github.com/google/osv-scanner

Official Website

google.github.io/osv-scanner

Releases

github.com/google/osv-scanner/releases

Issues

github.com/google/osv-scanner/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Alternatives & Comparisons

Trivy

Go

Comprehensive vulnerability scanner for containers, filesystems, git repos, and Kubernetes with SBOM generation.

Compare OSV-Scanner vs Trivy

Grype

Go

Vulnerability scanner for container images and filesystems that matches installed packages against known CVEs.

Compare OSV-Scanner vs Grype

More in Vulnerability Scanning

Nuclei

Go

Fast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.

template-basedcvemisconfig

sqlmap

Python

Automatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws.

sql-injectiondatabaseautomated

WPScan

Ruby

WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.

wordpressplugin-enumcve

OpenVAS

C

Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.

enterprisenvtcompliance

XSStrike

Python

Advanced XSS detection suite. Fuzzing engine, context analysis, and WAF detection/bypass capabilities.

xsswaf-bypassfuzzing

Commix

Python

Automated OS command injection exploitation tool. Tests web apps for command injection vulnerabilities.

command-injectionautomatedweb-app