
Google has just launched OSV-Scanner, a free, open-source tool that it says gives developers easy access to vulnerability information about the open source dependencies their projects pull in.
In 2021, Google launched the OSV.dev service, a distributed open source vulnerability database, enabling various open source ecosystems and vulnerability databases to publish and consume information in a machine-readable format.
According to Google, OSV-Scanner now provides an officially supported front end to this OSV database, which links a project’s dependency list with the vulnerabilities affecting them.
What else does this offer?
According to Google, OSV-Scanner is also integrated into the OpenSSF Scorecard's Vulnerabilities check, which extends that check's analysis from a project's own direct vulnerabilities to vulnerabilities in all of its dependencies.
Software projects typically pull in many third-party dependencies from external package repositories, and there are far too many packages and versions to track by hand; Google's argument is that automated scanning is what makes it practical to know which of those dependency versions are affected by known vulnerabilities.
Additionally, each vulnerability advisory is drawn from an “open and authoritative source,” such as the RustSec Advisory Database.
Google says anyone can suggest improvements, resulting in a very high-quality database.
If you are interested in trying OSV-Scanner, go to the OSV-Scanner website and follow the instructions there, or read the guides in the project's GitHub repository.
It is no surprise that Google wants to dedicate resources to open source security: vulnerabilities in open source components remain a critical entry point for attackers into systems.
In fact, a joint report by cybersecurity firm Snyk and the Linux Foundation found that two in five (41%) companies are not confident in the security of their open source code.
In many cases, this lack of trust has held back adoption, with the share of companies willing to deploy open source software in their production environments dropping five percentage points, from 95% in 2021 to 90% this year.