Google has officially launched OSV-Scanner V2.0.0, a major upgrade to its open-source vulnerability scanning tool.\u00a0<\/p>\n
Released on March 17, 2025, this new version represents a significant evolution in helping developers identify and fix security vulnerabilities in their software dependencies.<\/p>\n
The V2 release<\/a> builds upon the foundation laid with OSV-SCALIBR and introduces substantial new features that transform OSV-Scanner into a comprehensive vulnerability detection and remediation platform.\u00a0<\/p>\n Originally launched in December 2022, OSV-Scanner has become an essential tool for open-source security, providing developers with easy access to vulnerability information relevant to their projects.<\/p>\n \u201cThis V2 release builds upon the foundation we laid with OSV-SCALIBR and adds significant new capabilities to OSV-Scanner, making it a comprehensive vulnerability scanner and remediation tool with broad support for formats and ecosystems,\u201d notes the Google Open Source Security Team<\/p>\n The most notable advancements in OSV-Scanner V2 include:<\/p>\n The release represents the first major integration of OSV-SCALIBR features into OSV-Scanner, significantly expanding support for various dependencies.<\/p>\n New supported formats include:<\/p>\n OSV-Scanner V2 introduces comprehensive scanning for Debian, Ubuntu<\/a>, and Alpine container images, providing:<\/p>\n This feature offers layer analysis showing where packages were introduced, layer history, base image identification, and vulnerability filtering specific to container environments.<\/p>\n The new HTML report format provides enhanced visualization capabilities, including severity breakdown, filtering options, and detailed vulnerability information.\u00a0<\/p>\n For container images, it adds layer filtering and base image identification features, available through the command:<\/p>\n This makes vulnerability information more accessible and actionable.<\/p>\n Guided Remediation for Maven: Building on the guided remediation feature for npm packages<\/a>, V2 now extends this capability to Java through Maven pom.xml support:<\/p>\n This allows developers to remediate direct and transitive dependency vulnerabilities through direct version updates or dependency management overrides.<\/p>\n While incorporating numerous improvements, OSV-Scanner V2 includes breaking changes aimed at future-proofing the tool.\u00a0The release includes a comprehensive migration guide to ensure a smooth upgrade process for existing users.\u00a0<\/p>\n Some notable changes include guided remediation defaulting to non-interactive mode, experimental flags being removed, and merged license flags.<\/p>\n The OSV-Scanner tool provides significant benefits compared to closed-source alternatives.\u00a0<\/p>\n As an open-source, distributed vulnerability database, OSV offers high-quality advisories that can be improved by community contributions, resulting in precise, machine-readable vulnerability information that maps accurately to package dependencies.<\/p>\n Developers across various programming languages can now utilize OSV-Scanner V2 to enhance their security posture and efficiently manage vulnerability remediation in their open-source dependencies. <\/p>\n OSV-Scanner is available for immediate download from the official GitHub repository<\/a>.<\/p>\n The post Google Released Open Source Version of OSV-Scanner Tool for Vulnerability Scanning<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nKey Innovations in V2<\/strong><\/h2>\n
Enhanced Dependency Extraction with OSV-SCALIBR: <\/strong><\/h4>\n
\n
Layer-Aware Container Scanning <\/strong><\/h4>\n
![\"\"](\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXdOjp2ANrC3m-DkUTe27uB8DXdw0h0-gyr7sjwHpVdo0hALOO1JUamuvmZCH35P86FfCqrfBE2X0hvWJ41ypXv4jPYdUZuSRjuvcNyrpHfFvW1upJPQnrm0cEyy8yOGaRN3jZbA?key=bJ-senDW3TWmLfd1CSYmD9xA\")
Interactive HTML Output<\/strong><\/h4>\n
![\"\"](\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXd7hg-dzxTCP-oggiAac566iJ_Sba7KVDO-De8E6O06HAqSTUxUGtaW5TlUeu691BnhgWphu1490u3x3BPXMOU-35jKZ-DGo799r0xD4xoq7a7-7AgRsaNJY2MIbbLKziKtNhJsFQ?key=bJ-senDW3TWmLfd1CSYmD9xA\")
![\"\"](\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXdrsPXSFGgSPq-vit3LSI9L6L6aCdn5T3l7aA9x2mmNT4JkP0vlaJQ5GKcafM-FSmMsYYg1Y-GM6qSu0Y74BJwY7gaHVrDFIt0b0rO1bqmyVGKc5wbIfDBA-km0rpENJtXK-h7BlQ?key=bJ-senDW3TWmLfd1CSYmD9xA\")
Are you from SOC\/DFIR Teams? \u2013 Analyse Malware Incidents & get live Access with ANY.RUN ->\u00a0Start Now for Free<\/a>.<\/strong><\/code><\/strong><\/strong><\/p>\n
![\"\"](\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXcn5nP83ewkN-RjTm0OuX08Rsd1dYKLmmlXR1bTTgI0emaMf0SSCDomsh3CdzTcCPprnecKpWzQtF2dCOxZcqfkOVlMPeyE0lTxQABRAD3mgz4ugn3qKi5ROjLMe65yY-iys_93BA?key=bJ-senDW3TWmLfd1CSYmD9xA\")