"Google Releases Vulnerability Scanner for Open-Source Software, Backed by Community-Editable Database"

Google has announced the release of Open Source Vulnerability (OSV)-Scanner, a free vulnerability scanner that gives developers access to vulnerability information about open-source projects. It is backed by what is said to be the largest community-editable database for open-source vulnerabilities. OSV-Scanner allows developers to match code and dependencies against lists of known vulnerabilities and determine whether patches or updates are available. It provides security teams with a tool for automating the discovery and patching of vulnerabilities throughout the software supply chain, allowing them to eliminate potential entry points before hackers can exploit them. Last year, Google released the OSV schema and the OSV.dev vulnerability database service. OSV-Scanner has been released at a time when many organizations struggle to manage vulnerabilities, with enterprises taking an average of 60 days to patch critical-risk vulnerabilities. Google intends to expand the solution by providing greater integration with developer workflows through standalone CI actions to schedule and track new vulnerabilities, as well as by building a larger database of C/C++ vulnerabilities. This article continues to discuss the launch of Google's OSV-Scanner.

VB reports "Google Releases Vulnerability Scanner for Open-Source Software, Backed by Community-Editable Database"

Submitted by Anonymous on