osv.dev

Open source vulnerability DB and triage service. (by google)
Add to my DEV experience Security security-tools vulnerability-scanners vulnerability-management Vulnerability vulnerability-databases
Source Code
osv.dev
osv.dev Reviews
Suggest alternative
Edit details
Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured

Osv.dev Alternatives

Similar projects and alternatives to osv.dev

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better osv.dev alternative or higher similarity.
Suggest an alternative to osv.dev

osv.dev reviews and mentions

Posts with mentions or reviews of osv.dev. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-02-15.
  • Magika: AI powered fast and efficient file type identification
    15 projects | news.ycombinator.com | 15 Feb 2024
    Is it safe to assume that hashing (1) every file on disk, or (2) any given file on disk at random, will yield random bits with uniform probability; and (3) why Argon2 instead of e.g. only two rounds of SHA256?

    https://github.com/google/osv.dev/blob/master/README.md#usin... :

    > We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API. ... With package metadata, not (a file hash, package) database that could be generated from OSV and the actual package files instead of their manifest of already-calculated checksums.

    Might as well be heating a pool on the roof with all of this waste heat from hashing binaries build from code of unknown static and dynamic quality.

    Add'l useful formats:

    > Currently it is able to scan various lockfiles, debian docker containers, SPDX and CycloneDB SBOMs, and git repositories

  • Dependabot vs RenovateBot
    2 projects | /r/golang | 27 Jun 2023
    Also it supports an alternative sources of CVEs with https://osv.dev
  • Pyscan: A command-line tool to detect security issues in your python dependencies.
    2 projects | /r/Python | 17 May 2023
    https://osv.dev its open source and even has a free API with almost all the popular languages. One of the inspirations for my project.
  • Announcing Pyscan: A dependency vulnerability scanner for python projects.
    3 projects | /r/u_aswin__ | 15 May 2023
    pyscan uses OSV as its database for now. There are plans to add a few more.
  • We should start to add “ai.txt” as we do for “robots.txt”
    7 projects | news.ycombinator.com | 10 May 2023
    JSON-LD or RDFa (RDF in HTML attributes) in at least the /index.html the HTML footer should be sufficient to indicate that there is structured linked data metadata for crawlers that then don't need an HTTP request to a .well-known URL /.well-known/ai_security_reproducibility_carbon.txt.jsonld.json

    OSV is a new format for reporting security vulnerabilities like CVEs and an HTTP API for looking up CVEs from software component name and version. https://github.com/google/osv.dev#third-party-tools-and-inte... :

    > We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API.

    > Currently it is able to scan various lockfiles, -- (repo2docker REES config files) -- debian docker containers, SPDX and CycloneDB SBOMs, and git repositories.

  • Ask HN: Most interesting tech you built for just yourself?
    149 projects | news.ycombinator.com | 27 Apr 2023
    Something I've recently worked on is building an SQLite database of all the dependencies my organisation uses, which makes it possible to write our own queries and reports. The tool is all Open Source (https://dmd.tanna.dev) and has a CLI as well as the SQLite data.

    Ive used it to look for software that's out of date (via https://endoflife.date), to find vulnerablilities (via https://osv.dev) and get license information (via https://deps.dev)

    It's been hugely useful for us understanding use of internal and external dependencies, and I wish I'd built it earlier in my career so I could've had it for other companies I've worked at!

  • Malicious library inits?
    2 projects | /r/golang | 15 Jan 2023
    Something like osv-scanner (https://osv.dev/), Github's depandabot etc would help to a great extend in detecting malicious dependencies. Not much else be done I guess
  • Distributed vulnerability database for Open Source
    1 project | news.ycombinator.com | 3 Jan 2023
  • SBOM and dependencies check tool and vulnerabilities database from Google
    3 projects | /r/cybersecurity | 28 Dec 2022
  • Free tool for generating SBOM and CVEs against source or binaries
    3 projects | /r/cybersecurity | 21 Dec 2022
    Have a look at https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html they have plans for c++ https://github.com/google/osv.dev/issues/783
  • A note from our sponsor - InfluxDB
    www.influxdata.com | 9 May 2024
    Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Stats

Basic osv.dev repo stats
19
1,407
9.7
7 days ago

google/osv.dev is an open source project licensed under Apache License 2.0 which is an OSI approved license.

The primary programming language of osv.dev is Python.

Popular Comparisons

  1. osv.dev VS osv-scanner
  2. osv.dev VS certspotter
  3. osv.dev VS betterscan-ce
  4. osv.dev VS certificate-transparency-go
  5. osv.dev VS Awesome-Fuzzing
  6. osv.dev VS tincan-tls
  7. osv.dev VS notebooks
  8. osv.dev VS Botan
  9. osv.dev VS roadmap
  10. osv.dev VS advisory-db

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com