Introduction to OSV

OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source.

This repository contains the infrastructure code that serves OSV (and other user tooling). This infrastructure serves as an aggregator of vulnerability databases that have adopted the OpenSSF Vulnerability format. OSV additionally provides infrastructure to ensure affected versions are accurately represented in each vulnerability entry, through bisection and version analysis.

Further information on the infrastructure architecture is available here.

This diagram shows the relationship between the vulnerability databases that use the OSV format and how all those entries are collated at OSV. Open source users can query for known vulnerabilities by version number or commit hash.