Updated on 2022-12-13: New tool—OSV-Scanner
Google has open-sourced OSV-Scanner, a free tool that finds known vulnerabilities affecting a project's dependencies, so developers can tell whether their projects include vulnerable dependencies. The scanner uses the OSV database to look up vulnerabilities across various programming environments and dependency systems.
Read more: Announcing OSV-Scanner: Vulnerability Scanner for Open Source
Overview
Google launched the open-source OSV-Scanner to provide easy access to vulnerability information about multiple projects.
Read more: Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities