Google has released a new free tool that allows open-source developers to more easily access vulnerability information relevant to their projects.
The Go-based tool — called OSV-Scanner — provides an automated capability to match a developer’s code and dependencies against lists of known vulnerabilities and deliver instant feedback if patches or updates are needed.
Software projects are usually built on top of a mountain of dependencies — instead of starting from zero, developers…
Source link