osv-scanner
Scan various mediums for dependencies and matches them against the OSV database. More information: https://osv.dev/about.
- Scan a Docker image:
osv-scanner -D {{docker_image_name}}
- Scan a package lockfile:
osv-scanner -L {{path/to/lockfile}}
- Scan an SBOM file:
osv-scanner -S {{path/to/sbom_file}}
- Scan multiple directories recursively:
osv-scanner -r {{directory1 directory2 ...}}
- Skip scanning Git repositories:
osv-scanner --skip-git {{-r|-D}} {{target}}
- Output result in JSON format:
osv-scanner --json {{-D|-L|-S|-r}} {{target}}