Google Introduces OSV-SCALIBR Library for Software Analysis
🔍 Google launches OSV-SCALIBR, a new library for software composition analysis. The library enhances vulnerability scanning for open-source dependencies, supporting 11 programming languages and various package managers. It can scan for installed packages, standalone binaries, and source code, and it generates SBOMs in popular formats. Designed to perform well in resource-constrained environments, OSV-SCALIBR is now the primary scanning engine at Google, with plans to integrate its features into the existing OSV-Scanner tool. Future updates will expand support for additional ecosystems and improve vulnerability detection. Developers are encouraged to contribute to the library and to use it for securing software.
