search
Log inGet a demo

OSV-Scanner

OSV-Scanner is an open-source tool created by Google to detect vulnerabilities in projects by scanning dependencies against the OSV database.

OSV-Scannerarrow-up-right is a linter for Security.

You can enable the OSV-Scanner linter with:

trunk check enable osv-scanner

hashtag
Auto Enabling

OSV-Scanner will be auto-enabled if any Lockfile files are present.

hashtag
Settings

OSV-Scanner supports the following config files:

  • osv-scanner.toml

You can move these files to .trunk/configs and trunk check will still find them. See Moving Linters for more info.

circle-exclamation

Moving osv-scanner.toml to .trunk/configs can cause issues because osv-scanner.toml is only applied to projects in the root folder by default. This can cause issues with any projects in subfolders, such as in a multi-module repository.

To properly configure OSV scanner if you decide to move its config file, you can specify the path to osv-scanner.toml using the --config flag. Example override to add to trunk.yaml :

commands:
  - name: scan
    run: |
      osv-scanner \
        --lockfile=${target} \
        --format json \
        --config=.trunk/configs/osv-scanner.toml

hashtag
Links

Last updated