LinuxCommandLibrary

osv-scanner

Scan various mediums for dependencies and match them against the OSV database.

TLDR

Scan a Docker image

$ osv-scanner -D [docker_image_name]

Scan a package lockfile
$ osv-scanner -L [path/to/lockfile]

Scan an SBOM file
$ osv-scanner -S [path/to/sbom_file]

Scan multiple directories recursively
$ osv-scanner -r [directory1 directory2 ...]

Skip scanning git repositories
$ osv-scanner --skip-git [-r|-D] [target]

Output result in JSON format
$ osv-scanner --json [-D|-L|-S|-r] [target]
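
One way to turn the `--json` report into a CI gate, as an added example (not part of the original page or of the osv-scanner project). The report layout (results, packages, vulnerabilities with id and aliases), the waiver set and the exit codes are assumptions of this example; the sample report is constructed.

```python
import json

# Constructed sample; results -> packages -> vulnerabilities is the assumed
# report layout. Package names and advisory IDs are placeholders.
SAMPLE_REPORT = """
{"results": [{
  "source": {"path": "/src/app/package-lock.json", "type": "lockfile"},
  "packages": [
    {"package": {"name": "example-lib", "version": "1.2.3", "ecosystem": "npm"},
     "vulnerabilities": [
       {"id": "GHSA-xxxx-xxxx-0001", "aliases": ["CVE-0000-00001"]},
       {"id": "GHSA-xxxx-xxxx-0002"}]},
    {"package": {"name": "other-lib", "version": "0.9.0", "ecosystem": "npm"},
     "vulnerabilities": [{"id": "GHSA-xxxx-xxxx-0003"}]}
  ]}]}
"""


def findings(report, waived=frozenset()):
    """Return sorted (source, ecosystem, name, version, vuln_id) rows not waived."""
    rows = set()
    for result in report["results"]:
        source = result.get("source", {}).get("path", "?")
        for entry in result.get("packages") or []:
            pkg = entry.get("package", {})
            for vuln in entry.get("vulnerabilities") or []:
                # A waiver matches the advisory ID or any of its aliases.
                if {vuln.get("id"), *(vuln.get("aliases") or [])} & set(waived):
                    continue
                rows.add((source, pkg.get("ecosystem"), pkg.get("name"),
                          pkg.get("version"), vuln.get("id")))
    return sorted(rows)


def gate(report_text, waived=frozenset()):
    """CI status: 0 = clean, 1 = unwaived findings, 2 = unusable report."""
    try:
        report = json.loads(report_text)
    except ValueError:
        return 2  # fail closed: an empty or truncated report is not a pass
    if not isinstance(report, dict) or not isinstance(report.get("results"), list):
        return 2
    return 1 if findings(report, waived) else 0


if __name__ == "__main__":
    for row in findings(json.loads(SAMPLE_REPORT)):
        print(*row)
    print("exit status:", gate(SAMPLE_REPORT))
```

Treating an unreadable report as status 2 rather than 0 keeps a crashed or interrupted scan from being recorded as a clean one.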