Consider including ovs-scanner #974

Open
atc0005 opened this issue Mar 30, 2023 · 0 comments

atc0005 commented Mar 30, 2023

Use OSV-Scanner to find existing vulnerabilities affecting your project's dependencies.

OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since the OSV.dev database is open source and distributed, it has several benefits in comparison with closed source advisory databases and scanners:

  • Each advisory comes from an open and authoritative source (e.g. the RustSec Advisory Database)
  • Anyone can suggest improvements to advisories, resulting in a very high quality database
  • The OSV format unambiguously stores information about affected versions in a machine-readable format that precisely maps onto a developer’s list of packages

Refs:

@atc0005 atc0005 added enhancement New feature or request question Further information is requested vulnerability-scanner labels Mar 30, 2023
@atc0005 atc0005 added this to the Future milestone Mar 30, 2023
@atc0005 atc0005 self-assigned this Mar 30, 2023
@atc0005 atc0005 changed the title Considering including ovs-scanner Consider including ovs-scanner Mar 30, 2023
@atc0005 atc0005 changed the title Consider including ovs-scanner Consider including ovs-scanner Mar 30, 2023