
OSV-Scanner

OSV-Scanner is an open-source tool created by Google that finds known vulnerabilities in a project's dependencies by matching the packages and versions recorded in its lockfiles against the OSV (Open Source Vulnerabilities) database.

OSV-Scanner is a linter for Security.

You can enable the OSV-Scanner linter with:

trunk check enable osv-scanner

Auto Enabling

OSV-Scanner will be auto-enabled if your repository contains any lockfile (for example package-lock.json, go.sum or Cargo.lock), since those are the files it scans.

Settings

OSV-Scanner supports the following config files:

  • osv-scanner.toml

You can move these files to .trunk/configs and trunk check will still find them. See Moving Linters for more info.


OSV-Scanner looks for osv-scanner.toml next to the lockfile it is scanning, so if you move the config file to .trunk/configs you must tell it where the file now lives using the --config flag. Example override to add under lint.definitions in trunk.yaml (the linter name must match the plugin's definition so the command is merged into it):

lint:
  definitions:
    - name: osv-scanner
      commands:
        - name: scan
          run: |
            osv-scanner \
              --lockfile=${target} \
              --format json \
              --config=.trunk/configs/osv-scanner.toml
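The following is an added example of an osv-scanner.toml that the override above can point to; it is not a file from the Trunk or OSV-Scanner documentation. The table and key names (IgnoredVulns, PackageOverrides, id, ignoreUntil, reason, name, ecosystem, version, ignore) are OSV-Scanner's own config schema. The advisory ID GHSA-xxxx-xxxx-xxxx, the package name example-lib and the dates are placeholders to replace with your own values.

```toml
# .trunk/configs/osv-scanner.toml (added example, not shipped by Trunk or OSV-Scanner)
#
# Suppress a specific advisory. Prefer this over ignoring a whole package:
# only the one finding is silenced, and other advisories for the same
# dependency will still be reported.
[[IgnoredVulns]]
# Placeholder advisory ID; replace with the real GHSA-/CVE-/ecosystem ID
# exactly as OSV-Scanner prints it.
id = "GHSA-xxxx-xxxx-xxxx"
# Time-box the suppression. After this date OSV-Scanner reports the
# finding again, so the ignore cannot quietly outlive the reason for it.
ignoreUntil = 2025-06-30
# Record why this is acceptable so the next reviewer can re-check the claim.
reason = "Vulnerable code path is not reachable: the affected API is never called (ticket SEC-0000, placeholder)."

# Suppress every finding for one package in one ecosystem. Use sparingly:
# this hides future advisories for that package as well, so it belongs
# only on dependencies that are scheduled for removal or replacement.
[[PackageOverrides]]
# Placeholder package; name and ecosystem must match the lockfile entry.
name = "example-lib"
ecosystem = "npm"
# Optional: limit the override to one version so an upgrade is re-scanned.
version = "1.2.3"
ignore = true
reason = "Dev-only tooling being removed in the next release (placeholder justification)."
```

Because the file is passed with --config, these rules apply to every lockfile Trunk hands to OSV-Scanner, not just the one next to the file. Keep each entry's reason and ignoreUntil filled in so a periodic review of this file shows which exceptions are still justified.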
