Our first release candidate for OSV-Scanner V2, which includes various breaking changes to help future-proof osv-scanner in V2! See the changelog for beta1 and beta2 for the full list of changes.
We've also added a migration guide here: https://google.github.io/osv-scanner/migration-guide.html
As always, please feel free to give us your feedback!
Changes:
- Feature #1670 Guided remediation now makes non-interactive the default mode, and adds the `--interactive` flag.
- Feature #1670 Removes the `--verbosity=verbose` verbosity level.
- Feature #1673 & Feature #1664 Moves all our experimental flags out of experimental, and removes the experimental flags.
- Feature #1651 License flags have been merged into a single license flag. See `--help` or the migration guide for more details.
Features:
- Feature #1636 `osv-scanner update` command has been released as an experimental feature.
- Feature #1582 Add container scanning related information to vertical output format.
- Feature #1587 Add support for severity in SARIF report format.
Fixes
- Fix #1677 Fix OS filter for HTML report.
- Fix #1598 Fix table output vulnerability ordering.
- Fix #1661 Add spinner to iframes in the HTML report.
- Fix #1648 Updated HTML report styling to improve contrast.
- Fix #1616 Display git scanning results in HTML report.
- Fix #1616 Filter out Ubuntu unimportant vulnerabilities.
API changes
- Feature #1666 Removes `reporter`, all logging now goes through slog, which you can override to change the output.
- Feature #1638 All deprecated packages have been removed from the osv-scanner module, this includes the `lockfile` package, which has been migrated to the OSV-Scalibr library.
New Contributors
- @mickem made their first contribution in #1587
- @WeizhouRen made their first contribution in #1661
- @vitorRibeiro7 made their first contribution in #1648
Full Changelog: v2.0.0-beta2...v2.0.0-rc1