Google launches new open-source security scanning tool

>

Google just launched a new tool called OSV-Scanner, a free open source tool that gives developers easy access to vulnerability information relevant to their project.

In 2021, Google launched the OSV.dev service, a distributed open-source vulnerability database, enabling a variety of open-source ecosystems and vulnerability databases to publish and use information in a single machine-readable format.

According to Google, the OSV Scanner now provides an officially supported frontend for this OSV database, which connects a project’s list of dependencies with the vulnerabilities that affect it.

What else does this offer?

OSV-Scanner is apparently integrated into OpenSSF’s Scorecard Vulnerabilities check, meaning it can extend analysis from just a project’s immediate vulnerabilities to vulnerabilities across all of its dependencies.

Since software projects often involve many third-party dependencies coming from third-party software libraries, with too many different versions to keep track of manually, automation will be helpful in ensuring security, according to Google.

In addition, any security advice comes from an “open and authoritative source” such as the RustSec Advisory Database.

Google says anyone can suggest improvements to recommendations, resulting in a very high-quality database.

If you are interested in trying OSV-Scanner, you can go to the website (opens in new tab) and follow the instructions, or read the GitHub Guide (opens in new tab).

It’s not surprising that Google wants to put resources into Open Source Security, open source vulnerabilities remain a major endpoint for hackers to find their way into systems.

In fact, a report by cybersecurity firm Snyk, in collaboration with the Linux Foundation, found that two in five (41%) companies lack confidence in the security of their open source code.

In many cases, this lack of trust hinders adoption of the technology. In fact, the number of companies willing to deploy open-source software in their production environments dropped by 5%, from 95% in 2021 to 90% this year.

  • Interested in staying safe online? Check out our guide to the best firewalls
Related Post