Third party tools

There are community tools that use OSV. Note that these are community built tools as such are not supported or endorsed by the core OSV maintainers. You may wish to consult the OpenSSF’s Concise Guide for Evaluating Open Source Software to determine suitability for your use.

• Betterscan.io: Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC)
• bomber
• Cortex XSOAR
• dependency-management-data
• Dependency-Track
• dep-scan
• G-Rath/osv-detector: A scanner that uses the OSV database.
• GUAC
• it-depends
• .NET client library and support for the schema
• OSS Review Toolkit
• Packj
• pip-audit
• Renovate
• rosv: an R package to access the OSV database and help administer Posit Package Manager
• Rust client library
• Skjold: Security audit python project dependencies against several security advisory databases
• Trivy
• IronDome: SCA scanner for Ruby applications
• OSV module in x-cmd: A shell CLI for OSV.dev API with osv-scanner integration

Feel free to send a PR to add your project here. We ask that you consider adopting OpenSSF Scorecard for your repo to help boost the security credibility of the project.