google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0
6.11k stars 343 forks

Improve container scanning. #64

Open oliverchang opened 1 year ago

oliverchang commented 1 year ago

Currently the focus of OSV-Scanner is on lockfiles, with preliminary support for Debian container scanning.

We will extend this to better container scanning as well:

sxlijin commented 1 year ago

This would be amazing! Really appreciate what you're doing here :)

A few questions, out of curiosity:

  1. Is there currently work planned for Debian container scanning? (I imagine this would align well with gLinux scanning work, so I'm hoping yes.)
  2. Has work been planned for other distros, and if so, which?
  3. What other distros do you realistically see this getting extended to?

github-actions[bot] commented 1 month ago

This issue has not had any activity for 60 days and will be automatically closed in two weeks.

oliverchang commented 1 month ago

This is being actively worked on by @another-rex and @hogo6002, with features planned around: