Google releases OSV-Scanner, a dependency vulnerability scanner

Google has introduced the OSV-Scanner toolkit for checking code and applications for unpatched vulnerabilities, taking into account the whole chain of dependencies associated with the code. OSV-Scanner makes it possible to identify situations in which an application becomes vulnerable because of problems in one of the libraries it uses as a dependency. The vulnerable library may be used indirectly, i.e. called through another dependency. The project code is written in Go and distributed under the Apache 2.0 license.

OSV-Scanner can automatically scan a directory tree, identifying projects and applications by the presence of git directories (vulnerability information is determined by analysing commits), SBOM files (Software Bill Of Materials in the SPDX and CycloneDX formats), and manifest or lock files of package managers such as Yarn, NPM, GEM, PIP and Cargo. It also supports scanning the contents of Docker container images built from packages from the Debian repositories.

Vulnerability information is taken from the OSV (Open Source Vulnerabilities) database, which covers security issues in Crates.io (Rust), Go, Maven, NPM (JavaScript), NuGet (C#), Packagist (PHP), PyPI (Python), RubyGems, Android, Debian and Alpine, as well as data on vulnerabilities in the Linux kernel and information from vulnerability reports for projects hosted on GitHub. The OSV database records the fix status of each issue, the commits in which the vulnerability appeared and was fixed, the range of versions affected by the vulnerability, links to the project's code repository, and a notification about the issue. The provided API makes it possible to track the appearance of a vulnerability at the level of commits and tags, and to analyse how exposed derived products and dependencies are to the issue.
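
The sketch below is an added example, not code from OSV-Scanner or from the original article: it matches lock-file entries against the affected version range of an OSV-schema record and reports a vulnerable package that the project never declares directly. The advisory ID, package names and lock file are constructed, and version comparison is simplified to numeric dotted versions.

```python
import json

# Constructed OSV-schema record; the ID and package names are not real.
ADVISORY = json.loads("""{
  "id": "EXAMPLE-0000-0001",
  "affected": [{"package": {"ecosystem": "npm", "name": "example-parser"},
    "ranges": [{"type": "SEMVER", "events": [
      {"introduced": "0"}, {"fixed": "1.4.2"},
      {"introduced": "2.0.0"}, {"fixed": "2.1.0"}]}]}]
}""")

# Constructed package-lock.json (lockfileVersion 3 layout).
LOCKFILE = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "dependencies": {"example-web": "^3.0.0"}},
    "node_modules/example-web": {"version": "3.1.0"},
    "node_modules/example-parser": {"version": "2.0.5"},
    "node_modules/example-web/node_modules/example-parser": {"version": "1.4.2"}
  }
}""")

def ver(s):  # simplification: numeric dotted versions only, no pre-release tags
    return tuple(int(p) for p in s.split("."))

def in_range(version, events):
    # Replay events in version order: "introduced" opens the affected window, "fixed" closes it.
    affected = False
    for ev in sorted(events, key=lambda e: ver(e.get("introduced") or e["fixed"])):
        if "introduced" in ev and ver(version) >= ver(ev["introduced"]):
            affected = True
        elif "fixed" in ev and ver(version) >= ver(ev["fixed"]):
            affected = False
    return affected

def scan(lock, advisory):
    # Names declared by the root project; every other entry was pulled in indirectly.
    direct = set(lock["packages"].get("", {}).get("dependencies", {}))
    findings = []
    for path, meta in lock["packages"].items():
        name = path.rsplit("node_modules/", 1)[-1]
        for aff in advisory["affected"]:
            pkg = aff["package"]
            if path and (pkg["ecosystem"], pkg["name"]) == ("npm", name) and any(
                    r["type"] == "SEMVER" and in_range(meta["version"], r["events"])
                    for r in aff["ranges"]):
                kind = "direct" if path == "node_modules/" + name and name in direct else "transitive"
                findings.append((advisory["id"], path, meta["version"], kind))
    return findings
```

Here `scan(LOCKFILE, ADVISORY)` flags only the hoisted 2.0.5 copy as a transitive finding; the nested 1.4.2 copy sits exactly on a `fixed` boundary and is not reported.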


Source: opennet.ru
