Google launches new open source security scanning tool
Google has just launched OSV-Scanner, a free, open source tool that it says makes it easy for developers to access vulnerability information relevant to their projects.
In 2021, Google launched the OSV.dev service, a distributed open source vulnerability database that enables multiple open source ecosystems and vulnerability databases to publish and use information in a machine-readable format.
According to Google, OSV-Scanner now provides an officially supported user interface for the OSV database, connecting a project's dependency list to the vulnerabilities that affect it.
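How a dependency list gets connected to machine-readable advisories, as an added example (not Google's or OSV-Scanner's own code): it matches pinned dependencies against records shaped like the OSV schema. The advisory IDs, package names and versions are constructed, and version ordering is simplified to dotted numbers.

```python
OSV_RECORDS = [  # constructed records in the OSV schema's shape, not real advisories
    {"id": "EXAMPLE-0001", "affected": [{
        "package": {"ecosystem": "PyPI", "name": "examplelib"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}, {"fixed": "1.4.2"}]}]}]},
    {"id": "EXAMPLE-0002", "affected": [{
        "package": {"ecosystem": "crates.io", "name": "examplecrate"},
        "versions": ["0.3.0", "0.3.1"]}]},
]

DEPENDENCIES = [  # constructed dependency list: (ecosystem, name, pinned version)
    ("PyPI", "examplelib", "1.3.9"),
    ("PyPI", "otherlib", "2.0.0"),
    ("crates.io", "examplecrate", "0.3.1"),
]

def vkey(version):
    # Assumption: plain dotted-numeric versions; real ecosystems have their own ordering.
    return tuple(int(part) for part in version.split("."))

def in_range(version, events):
    # Walk the events in version order: "introduced" turns the flag on,
    # "fixed" / "last_affected" turn it off again.
    affected = False
    for event in sorted(events, key=lambda e: vkey(next(iter(e.values())))):
        if "introduced" in event and vkey(version) >= vkey(event["introduced"]):
            affected = True
        elif "fixed" in event and vkey(version) >= vkey(event["fixed"]):
            affected = False
        elif "last_affected" in event and vkey(version) > vkey(event["last_affected"]):
            affected = False
    return affected

def is_affected(entry, ecosystem, name, version):
    pkg = entry["package"]
    if (pkg["ecosystem"], pkg["name"]) != (ecosystem, name):
        return False
    if version in entry.get("versions", []):  # explicitly enumerated versions
        return True
    return any(in_range(version, r["events"])
               for r in entry.get("ranges", []) if r["type"] == "ECOSYSTEM")

def scan(dependencies, records):
    # Map each affected (name, version) to the advisory IDs that apply to it.
    findings = {}
    for eco, name, version in dependencies:
        ids = [rec["id"] for rec in records
               if any(is_affected(a, eco, name, version) for a in rec["affected"])]
        if ids:
            findings[(name, version)] = ids
    return findings
```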
What else does this offer?
OSV-Scanner appears to be integrated into OpenSSF's Scorecard vulnerability testing, which means it should be able to extend analysis from a project's direct vulnerabilities to vulnerabilities in all of its dependencies.
Software projects often involve many third-party dependencies that originate from external software libraries, with too many different versions to track manually, so according to Google, automation is useful for ensuring security.
In addition, each vulnerability advisory comes from an “authoritative and open source”, e.g. the RustSec Advisory Database.
Google says anyone can suggest improvements to the advisories, resulting in a very high-quality database.
If you want to try OSV-Scanner, you can visit the website and follow the instructions, or read the GitHub tutorial.
It is no wonder Google is looking to pour resources into open source security: open source vulnerabilities remain a key way for hackers to find their way into systems.
In fact, a report from cybersecurity firm Snyk, produced in conjunction with the Linux Foundation, found that two-fifths (41%) of companies don’t trust the security of their open source software.
This lack of trust is hindering technology adoption in many cases: the number of companies willing to deploy open source software in their production environments actually fell by 5%, from 95% in 2021 to 90% this year.