One Article Review

Source GoogleSec
Identifier 8656281
Publication date 2025-03-17 12:47:25 (seen: 2025-03-17 18:08:05)
Title Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source
Text Posted by Rex Pan and Xueqin Cui, Google Open Source Security Team

In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR. OSV-Scanner and OSV-SCALIBR, together with OSV.dev, are components of an open platform for managing vulnerability metadata and enabling simple and accurate matching and remediation of known vulnerabilities. Our goal is to simplify and streamline vulnerability management for developers and security teams alike.

Today, we're thrilled to announce the launch of OSV-Scanner V2.0.0, following the announcement of the beta version. This V2 release builds upon the foundation we laid with OSV-SCALIBR and adds significant new capabilities to OSV-Scanner, making it a comprehensive vulnerability scanner and remediation tool with broad support for formats and ecosystems.

What's new

Enhanced Dependency Extraction with OSV-SCALIBR

This release represents the first major integration of OSV-SCALIBR features into OSV-Scanner, which is now the official command-line code and container scanning tool for the OSV-SCALIBR library. This integration also expanded our support for the kinds of dependencies we can extract from projects and containers:
Source manifests and lo
Rating ★★★
Sent Yes
Tags Tool Vulnerability
Stories Uber


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.