Are you looking for vulnerability intel that standard scanners skip?
OSV-Scanner is an awesome SCA tool for unearthing vulnerabilities in open-source dependencies, offering you a unique lens on your supply chain.
OSV-scanner has nice flexibility in how you consume the data:
Served locally via port 8000: Clean view of data in a web UI interface
-
osv-scanner scan image --serve <image>/latest
Standard terminal output: Great for a quick test or audit, can be piped into other tools/reports.
osv-scanner scan image <image>/latest
Either way, it's a welcomed addition to any supply chain security engineers tool-belt.
Just say Go-go Gadget OSV! 🕵️
Top comments (0)