osv-scanner
Scan various mediums for dependencies and matches them against the OSV database. More information: https://osv.dev/about.
-
Scan a docker image:
osv-scanner -D {{docker_image_name}}
-
Scan a package lockfile:
osv-scanner -L {{path/to/lockfile}}
-
Scan an SBOM file:
osv-scanner -S {{path/to/sbom_file}}
-
Scan multiple directories recursively:
osv-scanner -r {{directory1 directory2 ...}}
-
Skip scanning git repositories:
osv-scanner --skip-git {{-r|-D}} {{target}}
-
Output result in JSON format:
osv-scanner --json {{-D|-L|-S|-r}} {{target}}
License and Disclaimer
The content on this page is copyright © 2014—present the tldr-pages team and contributors.This page is used with permission under Creative Commons Attribution 4.0 International License.
While we do attempt to make sure content is accurate, there isn't a warranty of any kind.