Link Search Menu Expand Document
Dendron - TLDR

osv-scanner

Scan various mediums for dependencies and matches them against the OSV database. More information: https://osv.dev/about.

  • Scan a Docker image:

osv-scanner -D {{docker_image_name}}

  • Scan a package lockfile:

osv-scanner -L {{path/to/lockfile}}

  • Scan an SBOM file:

osv-scanner -S {{path/to/sbom_file}}

  • Scan multiple directories recursively:

osv-scanner -r {{directory1 directory2 ...}}

  • Skip scanning Git repositories:

osv-scanner --skip-git {{-r|-D}} {{target}}

  • Output result in JSON format:

osv-scanner --json {{-D|-L|-S|-r}} {{target}}