https://github.com/iosifache/osv-scanner-snap

The OSV-Scanner vulnerability scanner as a snap 📦

code-scanning osv-dev snapcraft

Vulnerability scanner for project's dependencies

# Description

OSV-Scanner is a vulnerability scanner that examines your project's list of dependencies and reports any vulnerabilities that affect the versions you're using. The goal of this repository is to package OSV-Scanner as a (community) snap that can be effortlessly installed across a variety of Linux distributions.

[![Get it from the Snap Store](https://snapcraft.io/static/images/badges/en/snap-store-black.svg)](https://snapcraft.io/osv-scanner)

> Notice: If you want to view the officially recommended method of installing the tool, refer to the [OSV-Scanner documentation](https://google.github.io/osv-scanner/installation/).

As of December 2023, it supports lockfiles from C, C++, Dart, Elixir, Go, Java, JavaScript, PHP, Python, R, Ruby, and Rust. It also supports custom lockfiles: simply write some glue code to convert your lockfile into an intermediary JSON file with a particular format, and OSV-Scanner will comprehend the latter.
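The glue code mentioned above could look like the following added example, which is not part of this repository or of OSV-Scanner. It assumes a hypothetical in-house lockfile with one `ecosystem name version` triple per line, and it assumes the `results` / `packages` / `package` layout and the `osv-scanner:` lockfile prefix from the upstream custom-lockfile documentation, which this page does not spell out.

```python
import json

# Constructed sample of a hypothetical in-house lockfile format:
# one "<ecosystem> <name> <version>" triple per line, '#' starts a comment.
SAMPLE_LOCKFILE = """\
# deps.lock (constructed example)
PyPI requests 2.19.0
npm lodash 4.17.15

PyPI requests 2.19.0
"""


def parse_custom_lockfile(text):
    """Return a sorted, de-duplicated list of (ecosystem, name, version)."""
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        # Fail closed: a silently skipped line is a dependency that never
        # reaches the scanner and therefore is never reported.
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        seen.add(tuple(fields))
    return sorted(seen)


def to_osv_scanner_json(packages):
    """Build the intermediary document (assumed upstream layout)."""
    return {
        "results": [
            {
                "packages": [
                    {"package": {"name": n, "version": v, "ecosystem": e}}
                    for e, n, v in packages
                ]
            }
        ]
    }


if __name__ == "__main__":
    doc = to_osv_scanner_json(parse_custom_lockfile(SAMPLE_LOCKFILE))
    # Save the output and scan it with: --lockfile osv-scanner:<path> (assumed)
    print(json.dumps(doc, indent=2))
```
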

After confirming that a reported vulnerability is a false positive or discovering mitigations other than upgrading the package, OSV-Scanner provides the option to suppress it so that future runs will not display it.

# Local Build

1. Clone this repository: `git clone https://github.com/iosifache/osv-scanner-snap`
2. Move into the cloned repository: `cd osv-scanner-snap`
3. Install Snapcraft: `sudo snap install snapcraft --classic`
4. Build the snap: `snapcraft --verbose`
5. Install the snap: `snap install --dangerous ./osv-scanner_*.snap` (the `--dangerous` flag is needed because a locally built snap is not signed by the Snap Store)
6. Test the snap by running the `osv-scanner` command: `osv-scanner`