Google launches new open-source security scanning tool


Google has just launched OSV-Scanner, a free, open-source tool that it says gives developers easy access to vulnerability information relevant to their projects.

In 2021, Google launched the OSV.dev service, a distributed open-source vulnerability database, enabling a variety of open-source ecosystems and vulnerability databases to publish and consume information in one machine-readable format.

According to Google, the OSV-Scanner now provides an officially supported frontend to this OSV database, which connects a project’s list of dependencies with the vulnerabilities that affect them.

What else does this offer?

OSV-Scanner is apparently integrated into the OpenSSF's Scorecard Vulnerabilities check, which means it will be able to extend the analysis from just a project’s direct vulnerabilities to also include vulnerabilities in all its dependencies.
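As an added illustration (not code from Google, OSV-Scanner or the original article), the sketch below shows what connecting a dependency list with advisories involves: it walks a constructed dependency graph, transitive dependencies included, and matches each resolved version against constructed records laid out like OSV schema entries. The package names, advisory IDs and the simplified numeric version comparison are assumptions.

```python
# Added example with constructed data; not OSV-Scanner's own code.
# Records mimic the OSV schema's "affected" layout; IDs and names are placeholders.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "affected": [{
        "package": {"ecosystem": "crates.io", "name": "demo-parser"},
        "ranges": [{"type": "SEMVER",
                    "events": [{"introduced": "0"}, {"fixed": "1.4.2"}]}]}]},
    {"id": "EXAMPLE-0002", "affected": [{
        "package": {"ecosystem": "crates.io", "name": "demo-tls"},
        "ranges": [{"type": "SEMVER", "events": [
            {"introduced": "2.0.0"}, {"fixed": "2.3.0"}, {"introduced": "3.0.0"}]}]}]},
]
GRAPH = {  # constructed: package -> (resolved version, direct dependencies)
    "my-app": ("0.1.0", ["demo-web"]),
    "demo-web": ("5.0.0", ["demo-parser", "demo-tls"]),
    "demo-parser": ("1.3.9", []),
    "demo-tls": ("2.3.0", []),
}

def parse(version):  # simplified: plain dotted integers, no pre-release tags
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def in_ranges(version, ranges):  # replay introduced/fixed events in version order
    v = parse(version)
    for rng in ranges:
        affected = False
        for ev in sorted(rng["events"], key=lambda e: parse(next(iter(e.values())))):
            if "introduced" in ev and v >= parse(ev["introduced"]):
                affected = True
            elif "fixed" in ev and v >= parse(ev["fixed"]):
                affected = False
        if affected:
            return True
    return False

def scan(root, graph, advisories, ecosystem="crates.io"):  # breadth-first walk
    findings, seen, queue = [], {root}, [(root, [root])]
    while queue:
        name, path = queue.pop(0)
        version, deps = graph[name]
        for adv in advisories:
            for aff in adv["affected"]:
                pkg = (aff["package"]["ecosystem"], aff["package"]["name"])
                if pkg == (ecosystem, name) and in_ranges(version, aff["ranges"]):
                    findings.append((adv["id"], name, version, " > ".join(path)))
        queue += [(d, path + [d]) for d in deps if d not in seen]
        seen.update(deps)
    return findings
```

Here the only finding is in `demo-parser`, which `my-app` never lists directly; it is reached through `demo-web`, which is the case a check limited to direct dependencies misses.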

Software projects often involve many third-party dependencies from outside software libraries, with too many different versions to keep track of manually, so automation will be useful for ensuring security, according to Google.

In addition, each vulnerability advisory comes from an "open and authoritative source", for example, the RustSec Advisory Database.

Google says anyone can suggest improvements to advisories, resulting in a very high-quality database.

If you are interested in trying out OSV-Scanner, you can head to the website and follow the instructions, or read the GitHub guide.

It’s not surprising that Google is looking to pour resources into open-source security: open-source vulnerabilities remain a key entry point for hackers to find their way into systems.

In fact, a report from cybersecurity company Snyk, in conjunction with the Linux Foundation, found that two in five (41%) firms are not confident in the security of their open-source code.

This lack of trust is handicapping the adoption of the technology in many cases. The number of companies willing to deploy open-source software within their production environments actually fell 5%, from 95% in 2021 to 90% this year.


Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.
