Move OSV scanner directory, and update README. (#377)
1 parent 42c14d9, commit a6ff9ea
Showing 9 changed files with 41 additions and 15 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# Vulnerability scanner (preview). | ||
|
||
This contains a vulnerability scanner written in Go. | ||
|
||
This tool is currently under development and is subject | ||
to change. | ||
|
||
## Scanning an SBOM | ||
|
||
[SPDX] and [CycloneDX] SBOMs using [Package URLs] are | ||
supported. The format is auto-detected based on the | ||
input file contents. | ||
|
||
[SPDX]: https://spdx.dev/ | ||
[CycloneDX]: https://cyclonedx.org/ | ||
[Package URLs]: https://github.com/package-url/purl-spec | ||
|
||
```bash | ||
$ go run cmd/scanner.go /path/to/your/sbom.json | ||
``` | ||
|
||
### Example | ||
|
||
```bash | ||
$ go run cmd/scanner.go /path/to/your/repo | ||
``` | ||
|
||
## Scanning a directory | ||
|
||
Given a list of directories, this tool will recursively | ||
search for git repositories and make requests to OSV to | ||
determine affected vulnerabilities. | ||
|
||
This is intended to work with projects that use git submodules or a similar | ||
mechanism where dependencies are checked out as real git repositories. | ||
|
||
### Example | ||
|
||
```bash | ||
$ go run cmd/scanner.go /path/to/your/repo | ||
``` |
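Review bot: Under "## Scanning an SBOM", the "### Example" block runs `go run cmd/scanner.go /path/to/your/repo`, which is the directory-scan command repeated from the last section, while the real SBOM invocation (`/path/to/your/sbom.json`) sits above the heading. Suggest moving the sbom.json command under "### Example" and dropping the repo-path copy from that section. In "## Scanning a directory" the text says "a list of directories" but the example passes a single path, so an example with two paths would match the description. The README also says the tool will "make requests to OSV" without stating what is sent; a sentence on what those requests contain would help readers who scan private repositories decide whether the tool is appropriate for them.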
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file was deleted.