Google ewebatala OSV-Scanner Toolkit iji lelee adịghị ike na koodu na ngwa, na-eburu n'uche usoro ndabere niile metụtara koodu ahụ. OSV-Scanner na-enye gị ohere ịchọpụta ọnọdụ ebe ngwa na-adị mfe n'ihi nsogbu dị n'otu n'ime ọba akwụkwọ eji dị ka ndabere. N'okwu a, ọbá akwụkwọ na-adịghị ike nwere ike iji mee ihe na-apụtaghị ìhè, ya bụ. a ga-akpọ ya site na ndabere ọzọ. Edere koodu ọrụ ahụ na Go wee kesaa n'okpuru ikike Apache 2.0.
OSV-Scanner nwere ike inyocha osisi ndekọ na akpaghị aka, na-achọpụta ọrụ na ngwa dabere na ọnụnọ nke ndekọ Git (a na-ekpebi ozi adịghị ike site na inyocha hashes commit), faịlụ SBOM (Ngwaọrụ Bill of Material na usoro SPDX na CycloneDX), yana ngosipụta ma ọ bụ mkpọchi faịlụ site na ndị njikwa ngwugwu dịka Yarn, NPM, GEM, PIP, na Cargo. Ọ na-akwadokwa inyocha ibu nke onyonyo akpa Docker e wuru site na ngwugwu na ebe nchekwa. Debian.
A na-enweta ozi gbasara adịghị ike ahụ site na nchekwa data OSV (Open Source Vulnerabilities), nke na-ekpuchi ozi gbasara nsogbu nchekwa na ebe nchekwa ndị a: Crate.io (Rust), Go, Maven, NPM (JavaScript), NuGet (C#), Packagist (PHP), PyPI (Python), RubyGems, Android, Debian na Alpine, yana data adịghị ike kernel Linux na ozi sitere na akụkọ adịghị ike na ọrụ ndị a na-akwado na GitHub. Nchekwa data OSV na-egosipụta ọnọdụ ndozi nke nsogbu ahụ, nkwa ndị webatara ma dozie adịghị ike ahụ, ọtụtụ ụdị ndị emetụtara, njikọ na ebe nchekwa koodu ọrụ ahụ, na ọkwa nsogbu ahụ. API enyere na-enye ohere maka nchọpụta adịghị ike na ọkwa nkwenye na tag yana nyocha nke mmetụta adịghị ike ahụ na ngwaahịa na ịdabere na ya.
isi: opennet.ru
