Commit
This package hasn't been updated in a long time. The following list of changes was therefore curated to focus on features or recent bugfixes.

Changes in 1.7.2:
* Bug #899 Guided Remediation: Parse paths in npmrc auth fields correctly.
* Bug #908 Fix rust call analysis by explicitly disabling stripping of debug info.
* Bug #914 Fix regression for go call analysis introduced in 1.7.0.

Changes in 1.7.0:
* Feature #352 Guided Remediation: Introducing our new experimental guided remediation feature on the osv-scanner fix subcommand.
* Feature #805 Include CVSS MaxSeverity in JSON output.

Changes in 1.6.2:
* Feature #694 OSV-Scanner now has subcommands! The base command has been moved to scan (currently the only command is scan). By default, if you do not pass in a command, scan will be used, so the CLI remains backwards compatible.
* Feature #776 Add pdm lockfile support.

Changes in 1.6.0 and 1.6.1:
* Feature #694 Add support for NuGet lock files version 2.
* Feature #655 Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities.
* Feature #702 Created an option to skip/disable upload to code scanning.
* Feature #732 Add option to not fail on a vulnerability being found for GitHub Actions.
* Feature #729 Verify the SPDX licenses passed in to the license allowlist.

Changes in 1.5.0:
* Feature #501 Add experimental license scanning support!
* Feature #642 Support scanning renv files for the R language ecosystem.
* Feature #513 Stabilize call analysis for Go.
* Feature #676 Simplify return codes: Return 0 if there are no findings or errors. Return 1 if there are any findings (license violations or vulnerabilities). Return 128 if no packages are found.
* Feature #651 CVSS v4.0 support.
* Feature #60 Pre-commit hook support.

Changes in 1.4.3:
* Feature #621 Add support for scanning vendored C/C++ files.
* Feature #581 Scan submodule commit hashes.

Changes in 1.4.1:
* Feature #534 New SARIF format that separates out individual vulnerabilities.
* Experimental Feature #57 Experimental GitHub Action.

Changes in 1.4.0:
* Feature #183 Add (experimental) offline mode.
* Feature #452 Add (experimental) rust call analysis: detect whether vulnerable functions are actually called in your Rust project.
* Feature #505 OSV-Scanner supports custom lockfile formats.

Changes in 1.3.5:
* Feature #409 Adds an additional column to the table output which shows the severity if available.

Changes in 1.3.0:
* Feature #198 GoVulnCheck integration! Try it out when scanning go code by adding the --experimental-call-analysis flag.
* Feature #260 Support -r flag in requirements.txt files.
* Feature #300 Make IgnoredVulns also ignore aliases.
* Feature #304 OSV-Scanner now runs faster when there are multiple vulnerabilities.

Changes in 1.2.0:
* Feature #168 Support for scanning the debian package status file, usually located in /var/lib/dpkg/status. Thanks @cmaritan
* Feature #94 Specify what parser should be used in --lockfile.
* Feature #158 Specify output format to use with the --format flag.
* Feature #165 Respect .gitignore files by default when scanning.
* Feature #156 Support markdown table output format. Thanks @deftdawg
* Feature #59 Support conan.lock lockfiles and ecosystem. Thanks @SSE4
* Updated documentation! Check it out here: https://google.github.io/osv-scanner/

Changes in 1.1.0:
* Feature #98: Support for NuGet ecosystem.
* Feature #71: Now supports Pipfile.lock scanning.
* Bug #85: Even better support for narrow terminals by shortening osv.dev URLs.
* Bug #105: Fix rare cases of too many open file handles.
* Bug #131: Fix table highlighting overflow.
* Bug #101: Now supports 32 bit systems. Tested on NetBSD/amd64.