- Feature #168 Support for scanning Debian package status file, usually located in `/var/lib/dpkg/status`. Thanks @cmaritan
- Feature #94 Specify what parser should be used in `--lockfile`.
- Feature #158 Specify output format to use with the `--format` flag.
- Feature #165 Respect `.gitignore` files by default when scanning.
- Feature #156 Support markdown table output format. Thanks @deftdawg
- Feature #59 Support `conan.lock` lockfiles and ecosystem. Thanks @SSE4
- Updated documentation! Check it out here: https://google.github.io/osv-scanner/
- Feature #178 Support SPDX 2.3.
- Feature #221 Support dependencyManagement section in Maven poms.
- Feature #167 Make osvscanner API library public.
- Feature #141 Retry OSV API calls to mitigate transient network issues. Thanks @davift
- Feature #220 Vulnerability output is ordered deterministically.
- Feature #179 Log number of packages scanned from SBOM.
- General dependency updates
- Bug #161 Exit with non-zero exit code when there is a general error.
- Bug #185 Properly omit Source from JSON output.

This update adds support for the NuGet ecosystem and various bug fixes by the community.

- Feature #98: Support for NuGet ecosystem.
- Feature #71: Now supports Pipfile.lock scanning.
- Bug #85: Even better support for narrow terminals by shortening osv.dev URLs.
- Bug #105: Fix rare cases of too many open file handles.
- Bug #131: Fix table highlighting overflow.
- Bug #101: Now supports 32-bit systems.

This is a minor patch release to mitigate human-readable output issues on narrow terminals (#85).

- Bug #85: Better support for narrow terminals.

Various bug fixes and improvements. Many thanks to the amazing contributions and suggestions from the community!

- Feature: ARM64 builds are now also available!
- Feature #46: Gradle lockfile support.
- Feature #50: Add version command.
- Bug #52: Fixes 0 exit code being wrongly emitted when vulnerabilities are present.