OSV Scanner

This scanner scans third party dependencies of multiple languages. Read more about what it does on the osv-scanner page

How to use with Smithy

Open-Source

Add the component to the workflow

# file: ./my-workflow/workflow.yaml
description: OSV-Scanner based workflow
name: osv-scan
components:
  - component: ghcr.io/smithy-security/smithy/images/components/targets/git-clone:v1.3.2
  - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/osv-scanner:v1.2.1
  - component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.1
  - component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.1

Configure the run parameters of the component in the overrides file

# file: ./my-workflow/overrides.yaml
git-clone:
  - name: "repo_url"
    type: "string"
    value: "https://github.com/0c34/govwa.git"
  - name: "reference"
    type: "string"
    value: "master"

SaaS

In the Smithy UI, open the page to create a new workflow.
Find osv-scanner in the scanners dropdown.

Options

This component does not accept parameterization.

How to use with Smithy​

Open-Source​

SaaS​

Options​

How to use with Smithy

Open-Source

SaaS

Options