OSV-Scanner

Last updated 2 months ago

OSV-Scanner

is a linter for Security.

You can enable the OSV-Scanner linter with:

trunk check enable osv-scanner

Auto Enabling

OSV-Scanner will be auto-enabled if any Lockfile files are present.

Settings

OSV-Scanner supports the following config files:

osv-scanner.toml

You can move these files to .trunk/configs and trunk check will still find them. See for more info.

Moving osv-scanner.toml to .trunk/configs can cause issues because osv-scanner.toml is only applied to projects in the root folder by default. This can cause issues with any projects in subfolders, such as in a multi-module repository.

To properly configure OSV scanner if you decide to move its config file, you can specify the path to osv-scanner.toml using the --config flag. Example override to add to trunk.yaml :

commands:
  - name: scan
    run: |
      osv-scanner \
        --lockfile=${target} \
        --format json \
        --config=.trunk/configs/osv-scanner.toml

Links

Last updated 2 months ago