google osv-scanner issues

google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

https://google.github.io/osv-scanner/

Apache License 2.0

6.15k stars 347 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

feat: fetch Maven metadata from specified repositories

#1286 cuixq opened 5 hours ago
1
fix: improve handling if `docker` exits with a non-zero code when trying to scan images

#1285 G-Rath opened 13 hours ago
1
test: update snapshot

#1284 G-Rath closed 7 hours ago
1
fix: output invalid PURLs when scanning sboms

#1283 G-Rath closed 4 hours ago
1
chore(deps): lock file maintenance

#1282 renovate-bot opened 16 hours ago
1
chore(deps): update workflows

#1281 renovate-bot opened 16 hours ago
0
Do not fetch snapshots from the Maven repository disabling that

#1280 cuixq opened 4 days ago
0
fix(offline): report all ecosystems without local databases in one single line

#1279 G-Rath closed 6 hours ago
1
fix: apply go version override to _all_ instances of the `stdlib`

#1278 G-Rath closed 4 hours ago
2
Consider making "skip git" the default in v2

#1277 G-Rath opened 4 days ago
0
Brais.cabofelpete/k9 vuln 843 dont report version for dependencies workspaces package.json

#1276 BraisCaboFelpete closed 4 days ago
0
Display severity using ecosystem-specific priority tags

#1275 hogo6002 opened 5 days ago
0
HTML output format for scanning result

#1274 hogo6002 opened 5 days ago
0
Config file (GoVersionOverride) is not applied properly on recursive scans

#1273 tuminoid closed 4 hours ago
1
chore(deps): bump django from 2.2.24 to 3.2.25 in /cmd/osv-scanner/fixtures/locks-requirements in the pip group across 1 directory

#1272 dependabot[bot] closed 4 days ago
2
feat: assume `txt` files with "requirements" in their name are `requirements.txt` files

#1271 G-Rath closed 5 days ago
1
chore(deps): update dependency webrick to v1.8.2 [security]

#1270 renovate-bot closed 6 days ago
1
Read Maven configurations from `settings.xml`

#1269 cuixq opened 6 days ago
0
feat: support `vulnerabilities.ignore` in package overrides

#1268 G-Rath opened 6 days ago
1
test: update case to reflect recent config parsing changes

#1267 G-Rath closed 6 days ago
1
Accept other names for requirements.txt files or provide a way to specify an extractor

#1266 lengau closed 5 days ago
5
fix(deps): update osv-scanner minor

#1265 renovate-bot closed 5 days ago
2
chore(deps): update workflows

#1264 renovate-bot closed 5 days ago
1
refactor: Follow revive rules across the repo

#1263 another-rex closed 1 week ago
1
feat: group DSA and its CVEs together

#1262 hogo6002 closed 1 week ago
1
Group using related field for specific ecosystems

#1261 another-rex opened 1 week ago
0
Implement query paging

#1260 another-rex opened 1 week ago
0
chore: make guided remediation follow revive's default lint rules

#1259 michaelkedar closed 1 week ago
3
feat(output): add HTML output format

#1258 hogo6002 opened 1 week ago
1
Reenable `revive` golangci-lints

#1257 another-rex closed 1 week ago
2
ci: pin `amannn/action-semantic-pull-request` to a commit

#1256 G-Rath closed 1 week ago
1
ci: pin `actions/stale` to a commit

#1255 G-Rath closed 1 week ago
1
test: update snapshots with new security vulnerabilities

#1254 G-Rath closed 1 week ago
4
chore: deprecate parser functions in favor of their extract equivalents

#1253 G-Rath closed 1 week ago
1
fix: don't allow `LoadPath` to be set via config file

#1252 G-Rath closed 1 week ago
1
test: ensure `cmp.Diff` usage is consistent

#1251 G-Rath closed 2 weeks ago
1
test: restructure internal `config` cases and fixtures

#1250 G-Rath closed 2 weeks ago
1
feat: error if configuration file has unknown properties

#1249 G-Rath closed 1 week ago
1
refactor: simplify and reuse `tryLoadConfig`

#1248 G-Rath closed 1 week ago
2
chore(deps): update workflows

#1247 renovate-bot closed 2 weeks ago
1
fix(deps): update osv-scanner minor

#1246 renovate-bot closed 2 weeks ago
1
feat: Copy over dark docs theming from osv.dev

#1245 another-rex closed 2 weeks ago
1
Support pyproject.toml files

#1244 AdamKorcz opened 2 weeks ago
1
feat: allow explicitly ignoring the license of a package in config

#1243 G-Rath closed 2 weeks ago
3
fix: announce when a config file is invalid and exit with a non-zero code

#1242 G-Rath closed 2 weeks ago
1
fix: don't assume there's always a reason for a package being filtered out

#1241 G-Rath closed 2 weeks ago
1
Maven resolution fails with native data source when `maven-metadata.xml` is missing from repository

#1240 michaelkedar opened 2 weeks ago
0
Support profile activation in Maven pom.xml resolution and writing

#1239 michaelkedar opened 2 weeks ago
2
Fail to update Maven packages with properties in their names

#1238 michaelkedar opened 2 weeks ago
0
chore(release): changelog for v1.8.5

#1237 cuixq closed 2 weeks ago
1