OSV Scanner

This component implements a scanner that runs osv-scan and then parses the json reports output by into ocsf format. Use it to scan for vulnerable dependencies.

How to use with Smithy

Open-Source

# file ./my-workflow/workflow.yml
description: Workflow scanning with OSV
name: osv
components:
  - component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2
  - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/osv-scanner:v1.2.3
  - component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2
  - component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.2

SaaS

In the Smithy UI, open the page to create a new workflow.
Find OSV Scanner in the Scanners section. Click to add it to the workflow.
Run the workflow as normal.

Options

This component does not accept options.

How to use with Smithy​

Open-Source​

SaaS​

Options​

How to use with Smithy

Open-Source

SaaS

Options