Skip to content

Update ghcr.io/google/osv-scanner Docker tag to v1.4.0

Renovate Bot requested to merge renovate/ghcr.io-google-osv-scanner-1.x into main

This MR contains the following updates:

Package Type Update Change
ghcr.io/google/osv-scanner image-name minor v1.3.6 -> v1.4.0

Dependency Lookup Warnings

Warnings were logged while processing this repo. Please check the logs for more information.

Release Notes

google/osv-scanner (ghcr.io/google/osv-scanner)

v1.4.0

Compare Source

Features
  • Feature #​183 Add (experimental) offline mode! See our documentation for how to use it.
  • Feature #​452 Add (experimental) rust call analysis, detect whether vulnerable functions are actually called in your Rust project! See our documentation for limitations and how to use this.
  • Feature #​484 Detect the installed go version and checks for vulnerabilities in the standard library.
  • Feature #​505 OSV-Scanner doesn't support your lockfile format? You can now use your own parser for your format, and create an intermediate osv-scanner.json for osv-scanner to scan. See our documentation for instructions.
API Features
  • Feature #​451 The lockfile package now support extracting dependencies directly from any io.Reader, removing the requirement of a file path.
Fixes
  • Bug #​457 Fix PURL mapping for Alpine packages
  • Bug #​462 Use correct plural and singular forms based on count

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

Merge request reports