Google launches new open-source security scanning tool
OSV-Scanner tool may provide convenient access to a huge database of vulnerabilities, Google says
Google has just launched a new tool called OSV-Scanner, a free open source tool it says gives developers easy access to vulnerability information relevant to their project.
In 2021, Google launched the OSV.dev service, a distributed open-source vulnerability database, enabling a variety of open-source ecosystems and vulnerability databases to publish and consume information in one machine-readable format.
According to Google, the OSV-Scanner now provides an officially supported frontend to this OSV database, which connects a project’s list of dependencies with the vulnerabilities that affect them.
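The matching step described above, as an added example that is not OSV-Scanner's own code: a dependency list in lockfile shape is checked against advisories written in the OSV schema's `affected`/`ranges`/`events` structure. The advisories, package names and `EXAMPLE-*` identifiers are constructed for the illustration; only `ECOSYSTEM` ranges with plain dotted versions and explicit `versions` lists are handled, whereas real OSV records also carry `SEMVER` and `GIT` ranges with ecosystem-specific version ordering.

```python
"""Match a project's dependency list against advisories in the OSV schema.

Added example (not OSV-Scanner's or OSV.dev's code). Advisory records,
package names and EXAMPLE-* ids below are constructed for illustration.
"""

# Constructed advisories shaped like OSV records (not real OSV.dev data).
ADVISORIES = [
    {
        "id": "EXAMPLE-2022-0001",
        "summary": "Constructed: path traversal in archive extraction",
        "affected": [{
            "package": {"ecosystem": "PyPI", "name": "examplearchive"},
            "ranges": [{"type": "ECOSYSTEM",
                        "events": [{"introduced": "0"}, {"fixed": "2.4.1"}]}],
        }],
    },
    {
        "id": "EXAMPLE-2022-0002",
        "summary": "Constructed: fixed in 1.5.0, reintroduced in 3.0.0, fixed again in 3.1.2",
        "affected": [{
            "package": {"ecosystem": "crates.io", "name": "examplecrate"},
            "ranges": [{"type": "ECOSYSTEM",
                        "events": [{"introduced": "1.0.0"}, {"fixed": "1.5.0"},
                                   {"introduced": "3.0.0"}, {"fixed": "3.1.2"}]}],
        }],
    },
    {
        "id": "EXAMPLE-2022-0003",
        "summary": "Constructed: advisory that lists explicit versions only",
        "affected": [{
            "package": {"ecosystem": "npm", "name": "example-lib"},
            "versions": ["0.9.0", "0.9.1"],
        }],
    },
]

# Constructed dependency list, the kind of data a lockfile parser would produce.
DEPENDENCIES = [
    {"ecosystem": "PyPI", "name": "examplearchive", "version": "2.3.0"},
    {"ecosystem": "crates.io", "name": "examplecrate", "version": "1.6.0"},
    {"ecosystem": "crates.io", "name": "examplecrate", "version": "3.0.5"},
    {"ecosystem": "npm", "name": "example-lib", "version": "0.9.1"},
    {"ecosystem": "Go", "name": "example.test/unrelated", "version": "1.0.0"},
]


def parse_version(version: str) -> tuple:
    """Turn '1.2.0' into (1, 2); trailing zeros are dropped so 3.0 == 3.0.0.

    Pre-release tags and ecosystem-specific ordering are out of scope here;
    the OSV schema leaves version comparison to each ecosystem's own rules.
    """
    parts = tuple(int(p) for p in version.split("."))
    while len(parts) > 1 and parts[-1] == 0:
        parts = parts[:-1]
    return parts


def is_affected(version: str, affected: dict) -> bool:
    """Apply one OSV 'affected' entry to a concrete version.

    OSV events are ordered. Walking them and keeping the state set by the
    last event at or below the version tells whether the version falls in an
    affected interval; an explicit 'versions' list is a direct match.
    """
    v = parse_version(version)
    if version in affected.get("versions", []):
        return True
    for rng in affected.get("ranges", []):
        if rng.get("type") != "ECOSYSTEM":
            continue  # SEMVER/GIT ranges need ecosystem-specific tooling
        vulnerable = False
        for event in rng["events"]:
            if "introduced" in event and parse_version(event["introduced"]) <= v:
                vulnerable = True
            elif "fixed" in event and parse_version(event["fixed"]) <= v:
                vulnerable = False
            elif "last_affected" in event and parse_version(event["last_affected"]) < v:
                vulnerable = False
        if vulnerable:
            return True
    return False


def scan(dependencies: list, advisories: list) -> list:
    """Return (ecosystem, name, version, advisory_id) for each affected dependency."""
    findings = []
    for dep in dependencies:
        for adv in advisories:
            for affected in adv["affected"]:
                pkg = affected.get("package", {})
                if (pkg.get("ecosystem"), pkg.get("name")) != (dep["ecosystem"], dep["name"]):
                    continue
                if is_affected(dep["version"], affected):
                    findings.append((dep["ecosystem"], dep["name"], dep["version"], adv["id"]))
                    break  # one hit per advisory is enough
    return sorted(findings)


if __name__ == "__main__":
    for eco, name, version, adv_id in scan(DEPENDENCIES, ADVISORIES):
        summary = next(a["summary"] for a in ADVISORIES if a["id"] == adv_id)
        print(f"{eco}/{name}@{version}: {adv_id} - {summary}")
```

The reintroduced-range case in `EXAMPLE-2022-0002` is the one worth watching: a naive "is the version below the fix?" check would wrongly clear 3.0.5, while walking the ordered events correctly flags it and correctly clears 1.6.0.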
What else does this offer?
OSV-Scanner is apparently integrated into the OpenSSF’s Scorecard Vulnerabilities check, which means it will be able to extend the analysis from just a project’s direct vulnerabilities to also include vulnerabilities in all its dependencies.
Since software projects often pull in many third-party dependencies from outside libraries, with too many different versions to keep track of manually, Google says automation will be useful for keeping them secure.
In addition, each vulnerability advisory comes from an “open and authoritative source”, for example, the RustSec Advisory Database.
Google says anyone can suggest improvements to advisories, resulting in a very high-quality database.
If you are interested in trying out OSV-Scanner you can head to the website and follow the instructions, or read the GitHub guide.
It’s not surprising that Google is looking to pour resources into open source security: open source vulnerabilities remain a key endpoint for hackers to find their way into systems.
In fact, a report from cybersecurity company Snyk, in conjunction with the Linux Foundation, found that two in five (41%) firms are not confident in the security of their open-source code.
This lack of trust is handicapping the adoption of the technology in many cases: the number of companies willing to deploy open-source software within their production environments actually fell 5%, from 95% in 2021 to 90% this year.
Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.