Google has introduced OSV-Scanner, a toolkit for checking code and applications for unpatched vulnerabilities, taking into account the entire chain of dependencies associated with the code. OSV-Scanner makes it possible to identify situations in which an application becomes vulnerable because of problems in one of the libraries it uses as a dependency. The vulnerable library may be used indirectly, i.e. called through another dependency. The project code is written in Go and distributed under the Apache 2.0 license.
OSV-Scanner can automatically scan a directory tree, identifying projects and applications by the presence of git directories (vulnerability information is determined by analyzing hashes), SBOM files (Software Bill of Materials in the SPDX and CycloneDX formats), and manifest or lock files of package managers such as Yarn, NPM, GEM, PIP and Cargo. It also supports checking the contents of Docker container images built from packages from the Debian repositories.
Vulnerability information is taken from the OSV (Open Source Vulnerabilities) database, which covers security issues in Crates.io (Rust), Go, Maven, NPM (JavaScript), NuGet (C#), Packagist (PHP), PyPI (Python), RubyGems, Android, Debian and Alpine, as well as data on vulnerabilities in the Linux kernel and information from vulnerability reports for projects hosted on GitHub. The OSV database reflects the fix status of a problem and lists the commits that introduced and fixed the vulnerability, the range of versions affected by it, links to the project's code repository, and the notification about the problem. The provided API makes it possible to track the manifestation of a vulnerability at the level of commits and tags, and to analyze whether derivative products and dependencies are affected by the problem.
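The kind of check described above, as an added example that is not OSV-Scanner's own code: it reads a lock file, matches every locked package (including ones pulled in indirectly) against the affected version ranges of an OSV-style record, and flags whether each hit is a transitive dependency. The lock file, the package names and the advisory `EXAMPLE-0001` are constructed sample data, and the helper names are hypothetical.

```python
import json

# Constructed npm lockfile (v3 layout): demo-app depends on web-kit, which
# pulls in tiny-parse indirectly. All package names here are made up.
LOCKFILE = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "dependencies": {"web-kit": "^3.0.0"}},
    "node_modules/web-kit": {"version": "3.2.0"},
    "node_modules/web-kit/node_modules/tiny-parse": {"version": "1.4.2"}
  }
}""")

# Constructed advisory laid out like an OSV record (affected -> ranges -> events).
ADVISORIES = [{"id": "EXAMPLE-0001", "affected": [{
    "package": {"ecosystem": "npm", "name": "tiny-parse"},
    "ranges": [{"type": "SEMVER", "events": [
        {"introduced": "0"}, {"fixed": "1.4.5"},
        {"introduced": "2.0.0"}, {"fixed": "2.0.3"}]}]}]}]

def ver(text):
    """Parse plain MAJOR.MINOR.PATCH; pre-release tags are not handled."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def locked_packages(lock):
    """Yield (name, version, is_transitive) for each installed package."""
    direct = {"node_modules/" + n for n in lock["packages"][""].get("dependencies", {})}
    for path, meta in lock["packages"].items():
        if path and "version" in meta:
            yield path.rsplit("node_modules/", 1)[1], meta["version"], path not in direct

def in_range(version, events):
    """Replay introduced/fixed events in version order (other event kinds ignored)."""
    hit = False
    for bound, kind in sorted((ver(b), k) for e in events for k, b in e.items()
                              if k in ("introduced", "fixed")):
        if ver(version) >= bound:
            hit = kind == "introduced"
    return hit

def scan(lock, advisories, ecosystem="npm"):
    """Return (advisory id, package, version, is_transitive) for each match."""
    return [(adv["id"], name, version, transitive)
            for name, version, transitive in locked_packages(lock)
            for adv in advisories for aff in adv["affected"]
            if (aff["package"]["ecosystem"], aff["package"]["name"]) == (ecosystem, name)
            and any(in_range(version, r["events"])
                    for r in aff["ranges"] if r["type"] == "SEMVER")]
```

Matching against the locked version rather than the declared range is what lets the check catch `tiny-parse`, which the application never names in its own dependency list.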
Source: opennet.ru