OSV-SCALIBR
Analyzes software composition to extract inventory data, detect vulnerabilities, and generate SBOMs.
About
OSV-SCALIBR is an extensible library for software composition analysis. It provides a file system scanner to extract software inventory data (e.g., installed language packages), detect known vulnerabilities, and generate SBOMs. It also includes container analysis functionality, guided remediation for transitive vulnerabilities, and the ability to run custom plugins. It can be used as a library or via the OSV-Scanner CLI, offering flexibility for various scanning needs, including container images and remote hosts.
Key features
- Guided Remediation
- Vulnerability detection
- Container analysis
- SBOM generation
- File system scanning for software inventory extraction
- 345 GitHub stars
Use cases
- Analyzing remote hosts for software composition
- Generating SPDX documents for software inventory
- Scanning container images for vulnerabilities