OSV Scanner
This component implements a scanner that runs osv-scan and then parses the json reports output by into ocsf format. Use it to scan for vulnerable dependencies.
How to use with Smithy
Open-Source
# file ./my-workflow/workflow.yml
description: Workflow scanning with OSV
name: osv
components:
- component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2
- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/osv-scanner:v1.2.3
- component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2
- component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.2
SaaS
- In the Smithy UI, open the page to create a new workflow.
- Find OSV Scanner in the Scanners section. Click to add it to the workflow.
- Run the workflow as normal.
Options
This component does not accept options.