scoop install osv-scanner
brew install osv-scanner
Arch Linux users can install osv-scanner from the official repo:
pacman -S osv-scanner
Alpine Linux users can install osv-scanner from the official repo:
apk add osv-scanner
OpenBSD users can install osv-scanner from the official repo:
Alternatively, you can install this from source by running:
go install github.com/google/osv-scanner/cmd/osv-scanner@v1
This requires Go 1.21.4+ to be installed.
See our contribution guidelines for instructions on how to build from source.
Each of our releases come with SLSA provenance data (
multiple.intoto.jsonl), which can be used to verify the source and provenance of the binaries with the
slsa-verifier verify-artifact ./osv-scanner_1.2.0_linux_amd64 --provenance-path multiple.intoto2.jsonl --source-uri github.com/google/osv-scanner --source-tag v1.2.0
All releases on the same Major version will be guaranteed to have backward compatible JSON output and CLI arguments. However, features prefixed with
--experimental-call-analysis) might be changed or removed with only a Minor version change.