* Recover from osv-scanner panics.
This allows us to give an inconclusive score instead of crashing.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Bump osv-scanner to include performance increase.
https://github.com/google/osv-scanner/pull/346
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Updates osv-scanner dependency to 1.2.0.
The 1.0 release changed the return value for osv-scanner to output an error
when vulnerabilities are found; modified to handle this error correctly.
Signed-off-by: Rex Pan <rexpan@google.com>
* Add some additional comments
Signed-off-by: Rex Pan <rexpan@google.com>
* Update osv-scanner to include SBOM and logging fixes
Signed-off-by: Rex Pan <rexpan@google.com>
---------
Signed-off-by: Rex Pan <rexpan@google.com>
* Improve OSV scanning integration (squashed)
Signed-off-by: Rex P <rexpan@google.com>
* Add support for grouping vulnerabilities and aliases
Signed-off-by: Rex P <rexpan@google.com>
* Updated documentation, split vulnerability output to multiple warnings
Signed-off-by: Rex P <rexpan@google.com>
* Updated documentation, split vulnerability output to multiple warnings
Signed-off-by: Rex P <rexpan@google.com>
* Add its own codebase into docs
Signed-off-by: Rex P <rexpan@google.com>
* Update scorecard test to not prevent known vulns
Signed-off-by: Rex P <rexpan@google.com>
Signed-off-by: Rex P <rexpan@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>