Ecosyste.ms: Summary
An open API service providing a high level summary for open source projects.
https://github.com/google/osv-scanner
scanner security-audit security-tools vulnerability-scanner
Score: 21.87818648481593
Last synced: about 13 hours ago
JSON representation
Repository metadata:
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
- Host: GitHub
- URL: https://github.com/google/osv-scanner
- Owner: google
- License: apache-2.0
- Created: 2022-11-14T01:05:20.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-04-11T06:08:50.000Z (23 days ago)
- Last Synced: 2024-04-13T21:01:36.894Z (20 days ago)
- Topics: scanner, security-audit, security-tools, vulnerability-scanner
- Language: Go
- Homepage: https://google.github.io/osv-scanner/
- Size: 7.01 MB
- Stars: 5,801
- Watchers: 56
- Forks: 313
- Open Issues: 102
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Support: docs/supported_languages_and_lockfiles.md
Owner metadata:
- Name: Google
- Login: google
- Email: [email protected]
- Kind: organization
- Description: Google ❤️ Open Source
- Website: https://opensource.google/
- Location:
- Twitter: GoogleOSS
- Company:
- Icon url: https://avatars.githubusercontent.com/u/1342004?v=4
- Repositories: 2445
- Last ynced at: 2023-04-09T05:37:45.829Z
- Profile URL: https://github.com/google
Committers metadata
Last synced: 2 days ago
Total Commits: 610
Total Committers: 61
Avg Commits per committer: 10.0
Development Distribution Score (DDS): 0.726
Commits in past year: 405
Committers in past year: 31
Avg Commits per committer in past year: 13.065
Development Distribution Score (DDS) in past year: 0.728
| Name | Commits | |
|---|---|---|
| Rex P | 1****x | 167 |
| Mend Renovate | b****t@r****m | 139 |
| Gareth Jones | J****8@G****m | 99 |
| Michael Kedar | m****r@g****m | 39 |
| Hayley Denbraver | d****r@g****m | 27 |
| Oliver Chang | o****g | 19 |
| Xueqin Cui | 7****q | 17 |
| dependabot[bot] | 4****] | 10 |
| josieang | 3****g | 9 |
| Holly Gong | 3****2 | 8 |
| Claudio Maritan | c****n | 6 |
| Rex P | r****n@g****m | 5 |
| Caleb Brown | c****n@g****m | 5 |
| Dana Sherson | r****t@d****h | 3 |
| Spencer Schrock | s****k@g****m | 3 |
| Andrew Pollock | a****k | 3 |
| Kemal Zebari | 6****b | 3 |
| Jhonn W. Frazão | f****n@g****m | 2 |
| Julie Qiu | j****e@g****g | 2 |
| Iuri de Silvio | i****o@g****m | 2 |
| Billie Lynch | 2****h | 2 |
| Keshav Malik | 3****y | 1 |
| Linda_pp | r****d | 1 |
| Oliver Nocon | 3****n | 1 |
| Rui Chen | r****i@c****v | 1 |
| davift | 7****t | 1 |
| wolf99 | 2****9 | 1 |
| Brandon | 2****x | 1 |
| Artem A | 6****m | 1 |
| Omri Bornstein | o****r@g****m | 1 |
| and 31 more... | ||
Issue and Pull Request metadata
Last synced: 3 days ago
Total issues: 153
Total pull requests: 552
Average time to close issues: about 2 months
Average time to close pull requests: 9 days
Total issue authors: 79
Total pull request authors: 47
Average comments per issue: 3.09
Average comments per pull request: 1.27
Merged pull request: 464
Bot issues: 1
Bot pull requests: 25
Past year issues: 104
Past year pull requests: 482
Past year average time to close issues: 24 days
Past year average time to close pull requests: 5 days
Past year issue authors: 56
Past year pull request authors: 38
Past year average comments per issue: 2.39
Past year average comments per pull request: 1.25
Past year merged pull request: 407
Past year bot issues: 0
Past year bot pull requests: 22
Top Issue Authors
- another-rex (25)
- oliverchang (24)
- G-Rath (4)
- michaelkedar (4)
- hayleycd (4)
- alex (3)
- spencerschrock (3)
- suzuki-shunsuke (3)
- ddkilzer (3)
- jayvdb (3)
- theinfosecguy (3)
- LironJit (2)
- josieang (2)
- picatz (2)
- andrewpollock (2)
Top Pull Request Authors
- renovate-bot (138)
- another-rex (124)
- G-Rath (88)
- michaelkedar (37)
- hayleycd (27)
- dependabot[bot] (25)
- cuixq (19)
- oliverchang (12)
- josieang (10)
- hogo6002 (8)
- calebbrown (6)
- kemzeb (5)
- julieqiu (4)
- robotdana (4)
- andrewpollock (3)
Top Issue Labels
- enhancement (59)
- bug (26)
- documentation (10)
- good first issue (9)
- question (6)
- priority (4)
- V2 Wishlist (3)
- infra (2)
- help wanted (1)
- performance (1)
Top Pull Request Labels
- dependencies (163)
- go (13)
- ruby (6)
- java (2)
- enhancement (1)
- javascript (1)
Package metadata
- Total packages: 5
-
Total downloads:
- homebrew: 336 last-month
- Total docker downloads: 8,435
- Total dependent packages: 18 (may contain duplicates)
- Total dependent repositories: 10 (may contain duplicates)
- Total versions: 84
- Total maintainers: 1
proxy.golang.org: github.com/google/osv-scanner
- Homepage: https://github.com/google/osv-scanner
- Documentation: https://pkg.go.dev/github.com/google/osv-scanner#section-documentation
- Licenses: Apache-2.0
- Latest release: v1.7.2 (published 15 days ago)
- Last Synced: 2024-05-01T04:31:55.520Z (3 days ago)
- Versions: 32
- Dependent Packages: 18
- Dependent Repositories: 9
- Docker Downloads: 8,435
-
Rankings:
- Stargazers count: 0.977%
- Docker downloads count: 1.172%
- Dependent repos count: 1.78%
- Forks count: 1.816%
- Average: 1.89%
- Dependent packages count: 3.706%
alpine-v3.18: osv-scanner
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
- Homepage: https://github.com/google/osv-scanner
- Licenses: Apache-2.0
- Latest release: 1.3.3-r4 (published 6 months ago)
- Last Synced: 2024-05-01T04:32:00.403Z (3 days ago)
- Versions: 6
- Dependent Packages: 0
- Dependent Repositories: 0
-
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 2.252%
- Stargazers count: 3.137%
- Forks count: 5.87%
- Maintainers (1)
alpine-edge: osv-scanner
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
- Homepage: https://github.com/google/osv-scanner
- Licenses: Apache-2.0
- Latest release: 1.6.1-r2 (published 27 days ago)
- Last Synced: 2024-05-01T04:31:58.123Z (3 days ago)
- Versions: 20
- Dependent Packages: 0
- Dependent Repositories: 0
-
Rankings:
- Dependent repos count: 0.0%
- Stargazers count: 3.19%
- Average: 6.398%
- Forks count: 7.761%
- Dependent packages count: 14.641%
- Maintainers (1)
formulae.brew.sh: osv-scanner
Vulnerability scanner which uses the OSV database
- Homepage: https://github.com/google/osv-scanner
- Licenses: Apache-2.0
- Latest release: 1.7.2 (published 13 days ago)
- Last Synced: 2024-05-01T04:31:56.260Z (3 days ago)
- Versions: 23
- Dependent Packages: 0
- Dependent Repositories: 1
- Downloads: 336 Last month
-
Rankings:
- Stargazers count: 5.3%
- Forks count: 9.314%
- Average: 17.456%
- Dependent packages count: 19.43%
- Downloads: 23.734%
- Dependent repos count: 29.505%
alpine-v3.19: osv-scanner
Vulnerability scanner written in Go which uses the data provided by https://osv.dev
Dependencies
go.mod
go
- github.com/BurntSushi/toml v1.2.0
- github.com/CycloneDX/cyclonedx-go v0.7.0
- github.com/cpuguy83/go-md2man/v2 v2.0.2
- github.com/google/go-cmp v0.5.9
- github.com/jedib0t/go-pretty/v6 v6.4.0
- github.com/mattn/go-runewidth v0.0.13
- github.com/package-url/packageurl-go v0.1.0
- github.com/rivo/uniseg v0.2.0
- github.com/russross/blackfriday/v2 v2.1.0
- github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb
- github.com/spdx/tools-golang v0.3.0
- github.com/urfave/cli/v2 v2.23.0
- github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673
- golang.org/x/exp v0.0.0-20221031165847-c99f073a8326
- golang.org/x/mod v0.6.0
- golang.org/x/sys v0.1.0
- golang.org/x/term v0.1.0
- gopkg.in/yaml.v2 v2.4.0
go.sum
go
- github.com/BurntSushi/toml v1.2.0
- github.com/CycloneDX/cyclonedx-go v0.7.0
- github.com/bradleyjkemp/cupaloy/v2 v2.8.0
- github.com/cpuguy83/go-md2man/v2 v2.0.2
- github.com/davecgh/go-spew v1.1.0
- github.com/davecgh/go-spew v1.1.1
- github.com/google/go-cmp v0.5.9
- github.com/jedib0t/go-pretty/v6 v6.4.0
- github.com/mattn/go-runewidth v0.0.13
- github.com/package-url/packageurl-go v0.1.0
- github.com/pkg/profile v1.6.0
- github.com/pmezard/go-difflib v1.0.0
- github.com/rivo/uniseg v0.2.0
- github.com/russross/blackfriday/v2 v2.1.0
- github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb
- github.com/spdx/tools-golang v0.3.0
- github.com/stretchr/objx v0.1.0
- github.com/stretchr/objx v0.4.0
- github.com/stretchr/testify v1.7.1
- github.com/stretchr/testify v1.7.4
- github.com/stretchr/testify v1.8.0
- github.com/urfave/cli/v2 v2.23.0
- github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673
- golang.org/x/exp v0.0.0-20221031165847-c99f073a8326
- golang.org/x/mod v0.6.0
- golang.org/x/sys v0.0.0-20190412213103-97732733099d
- golang.org/x/sys v0.1.0
- golang.org/x/term v0.1.0
- gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405
- gopkg.in/yaml.v2 v2.4.0
- gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
- gopkg.in/yaml.v3 v3.0.1
.github/workflows/codeql-analysis.yml
actions
- actions/checkout 3df4ab11eba7bda6032a0b82a6bb43b11571feac composite
- github/codeql-action/analyze 00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 composite
- github/codeql-action/autobuild 00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 composite
- github/codeql-action/init 00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 composite
.github/workflows/goreleaser.yml
actions
- ./.github/workflows/lint-action * composite
- ./.github/workflows/test-action * composite
- actions/checkout 3df4ab11eba7bda6032a0b82a6bb43b11571feac composite
- actions/setup-go 93397bea11091df50f3d7e59dc26a7711a8bcfbe composite
- docker/login-action 343f7c4344506bcbf9b4de18042ae17996df046d composite
- docker/setup-buildx-action f95db51fddba0c2d1ec667646a06c2ce06100226 composite
- docker/setup-qemu-action 68827325e0b33c7199eb31dd4e31fbe9023e06e3 composite
- goreleaser/goreleaser-action 7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 composite
.github/workflows/link-check-on-push.yml
actions
- actions/checkout master composite
- gaurav-nelson/github-action-markdown-link-check a996638015fbc9ef96beef1a41bbad7df8e06154 composite
.github/workflows/link-check.yml
actions
- actions/checkout master composite
- gaurav-nelson/github-action-markdown-link-check a996638015fbc9ef96beef1a41bbad7df8e06154 composite
.github/workflows/lint-action/action.yml
actions
- golangci/golangci-lint-action 3a919529898de77ec3da873e3063ca4b10e7f5cc composite
.github/workflows/lint.yaml
actions
- ./.github/workflows/lint-action * composite
- actions/checkout 3df4ab11eba7bda6032a0b82a6bb43b11571feac composite
- actions/setup-go 93397bea11091df50f3d7e59dc26a7711a8bcfbe composite
.github/workflows/osv-scanner-pr.yml
actions
.github/workflows/osv-scanner-reusable-pr.yml
actions
- actions/checkout v4 composite
- actions/upload-artifact a8a3f3ad30e3422c9c7b888a15615d19a852ae32 composite
- github/codeql-action/upload-sarif 00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 composite
- google/osv-scanner/actions/reporter main composite
- google/osv-scanner/actions/scanner main composite
.github/workflows/osv-scanner-reusable-scheduled.yml
actions
- actions/checkout v4 composite
- actions/upload-artifact a8a3f3ad30e3422c9c7b888a15615d19a852ae32 composite
- github/codeql-action/upload-sarif 00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 composite
- google/osv-scanner/actions/scanner main composite
.github/workflows/osv-scanner-scheduled.yml
actions
.github/workflows/scorecards.yml
actions
- actions/checkout 3df4ab11eba7bda6032a0b82a6bb43b11571feac composite
- actions/upload-artifact a8a3f3ad30e3422c9c7b888a15615d19a852ae32 composite
- github/codeql-action/upload-sarif 00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 composite
- ossf/scorecard-action 08b4669551908b1024bb425080c797723083c031 composite
.github/workflows/test-action/action.yml
actions
- codecov/codecov-action eaaf4bedf32dbdc6b720b63067d99c4d77d6047d composite
.github/workflows/test.yml
actions
- ./.github/workflows/test-action * composite
- actions/checkout 3df4ab11eba7bda6032a0b82a6bb43b11571feac composite
- actions/setup-go 93397bea11091df50f3d7e59dc26a7711a8bcfbe composite
actions/reporter/action.yml
actions
- ../../action.dockerfile * docker
actions/scanner/action.yml
actions
- ../../action.dockerfile * docker
Dockerfile
docker
- alpine 3.18@sha256 build
- golang alpine@sha256 build
internal/sourceanalysis/integration/fixtures-go/test-project/go.mod
go
- github.com/gogo/protobuf v1.3.1
- github.com/ipfs/go-bitfield v1.0.0
- golang.org/x/image v0.4.0
internal/sourceanalysis/integration/fixtures-go/test-project/go.sum
go
- github.com/gogo/protobuf v1.3.1
- github.com/ipfs/go-bitfield v1.0.0
- github.com/kisielk/errcheck v1.2.0
- github.com/kisielk/gotool v1.0.0
- github.com/yuin/goldmark v1.4.13
- golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2
- golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
- golang.org/x/image v0.4.0
- golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4
- golang.org/x/net v0.0.0-20190620200207-3b0461eec859
- golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
- golang.org/x/net v0.0.0-20220722155237-a158d28d115b
- golang.org/x/sync v0.0.0-20190423024810-112230192c58
- golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
- golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a
- golang.org/x/sys v0.0.0-20201119102817-f84b799fce68
- golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1
- golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
- golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f
- golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
- golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
- golang.org/x/text v0.3.0
- golang.org/x/text v0.3.3
- golang.org/x/text v0.3.7
- golang.org/x/text v0.7.0
- golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e
- golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563
- golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e
- golang.org/x/tools v0.1.12
- golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7
cmd/osv-scanner/fixtures/locks-empty/yarn.lock
npm
cmd/osv-scanner/fixtures/locks-gitignore/ignored/yarn.lock
npm
- balanced-match 1.0.2
cmd/osv-scanner/fixtures/locks-gitignore/subdir/yarn.lock
npm
- balanced-match 1.0.2
cmd/osv-scanner/fixtures/locks-gitignore/yarn.lock
npm
- balanced-match 1.0.2
cmd/osv-scanner/fixtures/locks-many/package-lock.json
npm
- ansi-html 0.0.1
cmd/osv-scanner/fixtures/locks-many/yarn.lock
npm
- balanced-match 1.0.2
cmd/osv-scanner/fixtures/locks-many-with-invalid/yarn.lock
npm
- balanced-match 1.0.2
cmd/osv-scanner/fixtures/locks-one-with-nested/yarn.lock
npm
- balanced-match 1.0.2
cmd/osv-scanner/fixtures/locks-empty/composer.lock
packagist
cmd/osv-scanner/fixtures/locks-gitignore/composer.lock
packagist
- sentry/sdk 2.0.4
cmd/osv-scanner/fixtures/locks-gitignore/subdir/composer.lock
packagist
- sentry/sdk 2.0.4
cmd/osv-scanner/fixtures/locks-insecure/composer.lock
packagist
cmd/osv-scanner/fixtures/locks-many/composer.lock
packagist
- sentry/sdk 2.0.4
cmd/osv-scanner/fixtures/locks-many-with-invalid/composer.lock
packagist
cmd/osv-scanner/fixtures/locks-one-with-nested/nested/composer.lock
packagist
- sentry/sdk 2.0.4
pkg/lockfile/fixtures/pip/with-per-requirement-options.txt
pypi
- BarProject >=1.2
- FooProject ==1.2
- boto3 ==1.26.121
- foo ==1.0.0
cmd/osv-scanner/fixtures/locks-empty/Gemfile.lock
rubygems
cmd/osv-scanner/fixtures/locks-gitignore/Gemfile.lock
rubygems
- ast 2.4.2
- bundler 2.2.28
cmd/osv-scanner/fixtures/locks-gitignore/ignored/Gemfile.lock
rubygems
- ast 2.4.2
- bundler 2.2.28
cmd/osv-scanner/fixtures/locks-gitignore/subdir/Gemfile.lock
rubygems
- ast 2.4.2
- bundler 2.2.28
cmd/osv-scanner/fixtures/locks-many/Gemfile.lock
rubygems
- ast 2.4.2
- bundler 2.2.28
cmd/osv-scanner/fixtures/locks-many-with-invalid/Gemfile.lock
rubygems
- ast 2.4.2
- bundler 2.2.28
docs/Gemfile
rubygems
- github-pages ~> 228 development
- jekyll-feed ~> 0.12 development
- http_parser.rb ~> 0.8.0
- tzinfo >= 1, < 3
- tzinfo-data >= 0
- wdm ~> 0.1.1
- webrick ~> 1.7
docs/Gemfile.lock
rubygems
- activesupport 7.0.7.2
- addressable 2.8.5
- bundler 2.4.6
- coffee-script 2.4.1
- coffee-script-source 1.11.1
- colorator 1.1.0
- commonmarker 0.23.10
- concurrent-ruby 1.2.2
- dnsruby 1.70.0
- em-websocket 0.5.3
- ethon 0.16.0
- eventmachine 1.2.7
- execjs 2.8.1
- faraday 2.7.10
- faraday-net_http 3.0.2
- ffi 1.15.5
- forwardable-extended 2.6.0
- gemoji 3.0.1
- github-pages 228
- github-pages-health-check 1.17.9
- html-pipeline 2.14.3
- http_parser.rb 0.8.0
- i18n 1.14.1
- jekyll 3.9.3
- jekyll-avatar 0.7.0
- jekyll-coffeescript 1.1.1
- jekyll-commonmark 1.4.0
- jekyll-commonmark-ghpages 0.4.0
- jekyll-default-layout 0.1.4
- jekyll-feed 0.15.1
- jekyll-gist 1.5.0
- jekyll-github-metadata 2.13.0
- jekyll-include-cache 0.2.1
- jekyll-mentions 1.6.0
- jekyll-optional-front-matter 0.3.2
- jekyll-paginate 1.1.0
- jekyll-readme-index 0.3.0
- jekyll-redirect-from 0.16.0
- jekyll-relative-links 0.6.1
- jekyll-remote-theme 0.4.3
- jekyll-sass-converter 1.5.2
- jekyll-seo-tag 2.8.0
- jekyll-sitemap 1.4.0
- jekyll-swiss 1.0.0
- jekyll-theme-architect 0.2.0
- jekyll-theme-cayman 0.2.0
- jekyll-theme-dinky 0.2.0
- jekyll-theme-hacker 0.2.0
- jekyll-theme-leap-day 0.2.0
- jekyll-theme-merlot 0.2.0
- jekyll-theme-midnight 0.2.0
- jekyll-theme-minimal 0.2.0
- jekyll-theme-modernist 0.2.0
- jekyll-theme-primer 0.6.0
- jekyll-theme-slate 0.2.0
- jekyll-theme-tactile 0.2.0
- jekyll-theme-time-machine 0.2.0
- jekyll-titles-from-headings 0.5.3
- jekyll-watch 2.2.1
- jemoji 0.12.0
- kramdown 2.3.2
- kramdown-parser-gfm 1.1.0
- liquid 4.0.4
- listen 3.8.0
- mercenary 0.3.6
- minima 2.5.1
- minitest 5.19.0
- nokogiri 1.15.4
- octokit 4.25.1
- pathutil 0.16.2
- public_suffix 4.0.7
- racc 1.7.1
- rb-fsevent 0.11.2
- rb-inotify 0.10.1
- rexml 3.2.6
- rouge 3.26.0
- ruby2_keywords 0.0.5
- rubyzip 2.3.2
- safe_yaml 1.0.5
- sass 3.7.4
- sass-listen 4.0.0
- sawyer 0.9.2
- simpleidn 0.2.1
- terminal-table 1.8.0
- typhoeus 1.4.0
- tzinfo 2.0.6
- unf 0.1.4
- unf_ext 0.0.8.2
- unicode-display_width 1.8.0
- webrick 1.8.1
internal/sbom/fixtures/cyclonedx.json
swiftpm