Google launches a new open source security scan tool

Google has just released a new tool called OSV-Scanner, a free, open-source tool that it says gives developers easy access to vulnerability information relevant to their project.

In 2021, Google launched the OSV.dev service, a distributed open source vulnerability database, which enables a variety of open source ecosystems and vulnerability databases to publish and consume information in a human-readable format.

According to Google, OSV-Scanner now provides an officially supported interface to this OSV database, which links a project's list of dependencies to the vulnerabilities that affect them.

What else does it offer?

Apparently, OSV-Scanner is integrated with OpenSSF's Dashboard Vulnerability Checker, which means scanning can be extended beyond a project's direct vulnerabilities to cover vulnerabilities in all of its dependencies as well.

Since software projects often pull in many third-party dependencies on external libraries, in too many different versions to track manually, Google argues that automation is needed to keep them secure.
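As an added illustration of how a scanner links a dependency list to OSV advisories (example code written for this page, not OSV-Scanner's own), the block below matches constructed (ecosystem, name, version) triples against a constructed OSV-format advisory. It assumes plain dotted-numeric versions and the OSV schema's sorted `introduced`/`fixed` events; the advisory id and package names are placeholders.

```python
# Added example, not OSV-Scanner's code: link a dependency list to OSV-format
# advisories the way a scanner does. Advisory id and package names are
# constructed placeholders; versions are assumed plain dotted numerics.
ADVISORY = {
    "id": "EXAMPLE-0001",
    "affected": [{
        "package": {"ecosystem": "PyPI", "name": "example-archiver"},
        "ranges": [{"type": "ECOSYSTEM", "events": [         # two affected
            {"introduced": "1.0.0"}, {"fixed": "1.2.0"},     # intervals,
            {"introduced": "2.0.0"}, {"fixed": "2.4.1"}]}],  # each [lo, hi)
    }],
}

def parse_version(v):
    """Dotted numeric version -> tuple, so '1.10' sorts above '1.9'."""
    return tuple(int(p) for p in v.split("."))

def affected_intervals(rng):
    """Fold an OSV range's sorted events into (introduced, fixed) pairs;
    an 'introduced' with no later 'fixed' gives an open-ended (hi=None)."""
    intervals, start = [], None
    for ev in rng["events"]:
        if "introduced" in ev:
            start = ev["introduced"]
        elif "fixed" in ev and start is not None:
            intervals.append((start, ev["fixed"]))
            start = None
    return intervals + ([(start, None)] if start is not None else [])

def is_affected(version, rng):
    """True if version lies in any interval; introduced '0' = first release."""
    v = parse_version(version)
    return any((lo == "0" or v >= parse_version(lo)) and
               (hi is None or v < parse_version(hi))
               for lo, hi in affected_intervals(rng))

def scan(deps, advisories):
    """deps: (ecosystem, name, version) triples -> (name, version, id) hits."""
    findings = []
    for eco, name, ver in deps:
        for adv in advisories:
            for aff in adv["affected"]:
                pkg = aff["package"]
                if (pkg["ecosystem"], pkg["name"]) == (eco, name) and any(
                        is_affected(ver, r) for r in aff.get("ranges", [])):
                    findings.append((name, ver, adv["id"]))
    return findings

# Constructed dependency list: one hit, one in the gap between intervals,
# the fixed version itself, and the same name in a different ecosystem.
DEPS = [("PyPI", "example-archiver", "1.1.0"), ("PyPI", "example-archiver", "1.5.0"),
        ("PyPI", "example-archiver", "2.4.1"), ("npm", "example-archiver", "1.1.0")]
```

Only the 1.1.0 dependency is reported; a real scanner would obtain the advisories by querying OSV.dev for each package and version rather than from an inline dictionary.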

Additionally, each vulnerability advisory comes from an "authoritative, open source," such as the RustSec advisory database.

Google says that anyone can suggest improvements to the advisories, which results in a very high-quality database.

If you want to try OSV-Scanner, you can go to the website and follow the instructions, or read the guide on GitHub.

It's no surprise that Google is injecting resources into open source security: open source vulnerabilities remain a key entry point for hackers breaking into systems.

In fact, a report by cybersecurity firm Snyk, in conjunction with the Linux Foundation, found that two in five companies (41%) do not trust the security of their open source code.

This lack of trust handicaps adoption of the technology in many cases: the number of companies willing to deploy open source software in their production environments has actually dropped by 5%, from 95% in 2021 to 90% this year.