Update ghcr.io/google/osv-scanner Docker tag to v1.4.0
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
ghcr.io/google/osv-scanner | image-name | minor |
v1.3.6 -> v1.4.0
|
⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the logs for more information.
Release Notes
google/osv-scanner (ghcr.io/google/osv-scanner)
v1.4.0
Features
- Feature #183 Add (experimental) offline mode! See our documentation for how to use it.
- Feature #452 Add (experimental) rust call analysis, detect whether vulnerable functions are actually called in your Rust project! See our documentation for limitations and how to use this.
-
Feature #484 Detect the installed
go
version and checks for vulnerabilities in the standard library. -
Feature #505 OSV-Scanner doesn't support your lockfile format? You can now use your own parser for your format, and create an intermediate
osv-scanner.json
for osv-scanner to scan. See our documentation for instructions.
API Features
- Feature #451 The lockfile package now support extracting dependencies directly from any io.Reader, removing the requirement of a file path.
Fixes
Configuration
-
If you want to rebase/retry this MR, check this box