Vulnerability scanner written in Go that uses osv.dev data

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • osv-scanner

    Vulnerability scanner written in Go which uses the data provided by https://osv.dev

  • Building a high quality C/C++ vulnerability database.

    You can follow the two linked issues here: https://github.com/google/osv-scanner/issues/82 for updates!

  • packj

    Packj stops Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

  • Great to see a developer-friendly tool around OSV! Packj [1] uses OSV APIs to report vulnerable PyPI/NPM/Rubygems packages. Disclaimer: I built it.

    1. https://github.com/ossillate-inc/packj flags malicious/risky packages.

  • apko

    Build OCI images from APK packages directly without Dockerfile

  • Depends exactly what you're trying to create it for. I advocate for doing it during the build process rather than as a step after.

    We open sourced a few tools that do it automatically for containers:

    https://github.com/chainguard-dev/apko

    https://github.com/chainguard-dev/melange

  • melange

    build APKs from source code (by chainguard-dev)

  • trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  • I like trivy[1] a lot. Nice to see more alternatives like this.

    1. https://github.com/aquasecurity/trivy

  • maloss

    Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages

  • We've an open-source project that does this: https://github.com/osssanitizer/maloss. I'm working on creating a CLI/web interface for this. Happy to chat (email in profile).

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Related posts

  • Docker image vulnerabilities scanning trivy vs synk.io

    1 project | /r/docker | 30 Apr 2023
  • Docker image vulnerabilities scanning trivy vs synk.io

    1 project | /r/cybersecurity | 30 Apr 2023
  • Free tool for generating SBOM and CVEs against source or binaries

    3 projects | /r/cybersecurity | 21 Dec 2022
  • Improving your CI/CD Pipeline: Helm Charts Security Scanning with Trivy and GitHub Actions

    2 projects | dev.to | 2 Dec 2022
  • v0.33.0 · Discussion #3077 · aquasecurity/trivy

    1 project | /r/devopsish | 25 Oct 2022