google/osv-scanner v2.3.6
on GitHub

one hour ago

Features:

Feature #2658 Support regex matching for package name overrides.
Feature #2510 Scan Homebrew inventory using git repository metadata.

Fixes:

Bug #2750 Sanitize \r/\n in default/table/vertical output to prevent GitHub Actions workflow command injection.
Bug #2641 Correctly output packages from osv-scanner.json source in spdx format.
Bug #2729 Increase color contrast of vulnerability stats.
Bug #2664 Remove second newline at end of vertical output.
Bug #2669 Sanitize \r in gh-annotations to prevent GitHub Actions workflow command injection.

Misc:

Update osv-scalibr to v0.4.6-0.20260428235529-7791e288d6c1.
Update Go version to 1.26.2 (#2706).

New Contributors

@djvirus9 made their first contribution in #2669
@jonjensen made their first contribution in #2695
@dosisod made their first contribution in #2729
@ibondarenko1 made their first contribution in #2748
@sjhddh made their first contribution in #2744
@Mananshah237 made their first contribution in #2641
@majiayu000 made their first contribution in #2658
@hits313 made their first contribution in #2750

Full Changelog: v2.3.5...v2.3.6

Check out latest releases or
releases around google/osv-scanner v2.3.6

Don't miss a new osv-scanner release

NewReleases is sending notifications on new releases.

Get notifications