OSV-Scanner now supports all OSV-Scalibr features behind experimental flags (--experimental-plugins, see details here)!
Features:
- Feature #2146 Allow manual OSV-Scalibr plugin selection.
- Feature #2144 Add OSV-Scalibr version to osv-scanner --version output.
- Feature #2021 Add experimental support for running OSV-Scalibr detectors.
- Feature #2079 Fall back to offline extractor if the transitive one fails, so at least direct dependencies are returned.
- Feature #2032 Add summary section at the top of outputs and a 'Fixed Version' column.
- Feature #2076 Support Ubuntu severity type.
Fixes:
- Bug #2141 Fix OSV-Scanner json scans not matching with correct ecosystem.
- Bug #2084 Show absolute paths when scanning containers.
- Bug #2126 Log and preserve package count before continuing on db error.
- Bug #2095 Pass through plugin capabilities correctly.
- Bug #2051 Properly flag if running on Linux or Mac OSs for plugin compatibility.
- Bug #2072 Add missing "text" property in description fields.
- Bug #2068 Change links in output to go to the specific vulnerability page instead of the list page.
- Bug #2064 Fix SARIF v3 output to include results.
API Changes:
- API Change #2096 Allow log handler to be overridden.
New Contributors
- @brabster made their first contribution in #2072
- @Aejkatappaja made their first contribution in #2032
- @dizzydroid made their first contribution in #2106
Full Changelog: v2.1.0...v2.2.0