OSV Scanner is an open-source vulnerability scanner, used to identify security vulnerabilities in software dependencies.
This repository is an implementation of an Ostorlab agent for the OSV Scanner by Google.
To perform your first scan, simply run the following command:
oxo scan run --install --agent agent/ostorlab/osv file
This command will download and install agent/ostorlab/osv and target the file.
For more information, please refer to the OXO Documentation
Agent OSV can be installed directly from the oxo agent store or built from this repository.
oxo agent install agent/ostorlab/osv
You can then run the agent with the following command:
oxo scan run --agent agent/ostorlab/osv file
- To build the OSV agent, you need to have oxo installed on your machine. If you have already installed oxo, you can skip this step.
pip3 install ostorlab
- Clone this repository.
git clone https://github.com/Ostorlab/agent_osv.git && cd agent_osv
- Build the agent image using the oxo CLI.
oxo agent build --file=ostorlab.yaml
You can pass the optional flag --organization to specify your organization. The organization is empty by default.
- Run the agent using one of the following commands:
- If you did not specify an organization when building the image:
oxo scan run --agent agent//osv file
- If you specified an organization when building the image:
oxo scan run --agent agent/[ORGANIZATION]/osv file