Changelog
Features
- Feature #501 Add experimental license scanning support! See https://osv.dev/blog/posts/introducing-license-scanning-with-osv-scanner/ for more information!
- Feature #642 Support scanning renv files for the R language ecosystem.
- Feature #513 Stabilize call analysis for Go! The experimental --experimental-call-analysis flag has now been updated to --call-analysis=<language/all> and --no-call-analysis=<language/all>, with call analysis for Go enabled by default. See https://google.github.io/osv-scanner/usage/#scanning-with-call-analysis for the documentation!
- Feature #676 Simplify return codes:
- Return 0 if there are no findings or errors.
- Return 1 if there are any findings (license violations or vulnerabilities).
- Return 128 if no packages are found.
- Feature #651 CVSS v4.0 support.
- Feature #60 Pre-commit hook support.
Fixes
- Bug #639 We now filter local packages from scans, and report the filtering of those packages.
- Bug #645 Properly handle file/url paths on Windows.
- Bug #660 Remove noise from failed lockfile parsing.
- Bug #649 No longer include vendored libraries in C/C++ package analysis.
- Bug #634 Fix filtering of aliases to also include non-OSV aliases.
New Contributors
- @hogo6002 made their first contribution in #665
- @pandatix made their first contribution in #651
- @kemzeb made their first contribution in #669
Full Changelog: v1.4.3...v1.5.0