Releases: google/osv-scanner-action
v2.3.5
This updates OSV-Scanner to v2.3.5.
What's Changed
- Update to v2.3.5 by @tobyhawker in #124
New Contributors
- @tobyhawker made their first contribution in #124
Full Changelog: v2.3.3...v2.3.5
v2.3.3
This updates OSV-Scanner to v2.3.3.
What's Changed
- chore(deps): update github/codeql-action action to v4.31.10 by @renovate-bot in #115
- Update to v2.3.3 by @Ly-Joey in #118
New Contributors
Full Changelog: v2.3.2...v2.3.3
v2.3.2
This updates OSV-Scanner to v2.3.2.
This release includes performance improvements for local scanning, reducing memory usage and avoiding unnecessary advisory loading. It also fixes issues with MCP's get_vulnerability_details tool, git queries in osv-scanner.json, and ignore entry tracking, along with documentation updates.
Fixes:
- Bug #2415 Add more PURL-to-ecosystem mappings
- Bug #2422 MCP error for get_vulnerability_id because type definition is incorrect.
- Bug #2460 Enable osv-scanner.json git queries
- Bug #2456 Properly track if an ignore entry has been used
- Bug #2450 Performance: Avoid loading the entire advisory unless it will actually be used
- Bug #2445 Performance: Don't read the entire zip into memory
- Bug #2433 Allow specifying user agent in v2 osvscanner package
Misc:
- Misc #2453 Switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3
- Misc #2447 Include bun.lock as a supported lockfile
- Misc #2444 Document GoVersionOverride in configuration.md
Full Changelog: google/osv-scanner@v2.3.1...v2.3.2
v2.3.1
What's Changed
- chore(deps): update workflows (major) by @renovate-bot in #105
- chore(deps): update github/codeql-action action to v4.31.7 by @renovate-bot in #108
- chore: more specific name for uploaded artifact by @marcusburghardt in #111
- Update to v2.3.1 by @cuixq in #112
New Contributors
- @marcusburghardt made their first contribution in #111
Full Changelog: v2.3.0...v2.3.1
v2.3.0
What's Changed
- chore(deps): update workflows by @renovate-bot in #104
- Add gemini config.yaml file by @michaelkedar in #107
- Update to v2.3.0 by @michaelkedar in #106
Full Changelog: v2.2.4...v2.3.0
v2.2.4
What's Changed
- chore(deps): update github/codeql-action action to v4 by @renovate-bot in #102
- Update to v2.2.4 by @another-rex in #103
Full Changelog: v2.2.3...v2.2.4
v2.2.3
What's Changed
- chore(deps): update workflows by @renovate-bot in #86
- chore(deps): update workflows to v5 (major) by @renovate-bot in #87
- Update to v2.2.3 by @jess-lowe in #101
Full Changelog: v2.2.2...v2.2.3
v2.2.2
This updates OSV-Scanner to v2.2.2.
What's Changed
- docs: Update Automatic install instructions by @another-rex in #94
- Update to v2.2.2 by @cuixq in #95
Full Changelog: v2.2.1...v2.2.2
v2.2.1
What's Changed
OSV-Scanner now supports all OSV-Scalibr features behind experimental flags (--experimental-plugins, see details here)!
Features:
- Feature #2146 Allow manual OSV-Scalibr plugin selection.
- Feature #2144 Add OSV-Scalibr version to osv-scanner --version output.
- Feature #2021 Add experimental support for running OSV-Scalibr detectors.
- Feature #2079 Fall back to offline extractor if the transitive one fails, so at least direct dependencies are returned.
- Feature #2032 Add summary section at the top of outputs and a 'Fixed Version' column.
- Feature #2076 Support Ubuntu severity type.
Fixes:
- Bug #2141 Fix OSV-Scanner json scans not matching with correct ecosystem.
- Bug #2084 Show absolute paths when scanning containers.
- Bug #2126 Log and preserve package count before continuing on db error.
- Bug #2095 Pass through plugin capabilities correctly.
- Bug #2051 Properly flag if running on Linux or Mac OSs for plugin compatibility.
- Bug #2072 Add missing "text" property in description fields.
- Bug #2068 Change links in output to go to the specific vulnerability page instead of the list page.
- Bug #2064 Fix SARIF v3 output to include results.
- Bug #2151 Filter by ecosystem before querying.
API Changes:
- API Change #2096 Allow log handler to be overridden.
Warning
This release was originally incorrectly pointing to the bugged v2.2.0 osv-scanner release; it has now been retagged to the correct v2.2.1 release.
v2.1.0
What's Changed
- chore(deps): update github/codeql-action action to v3.29.0 by @renovate-bot in #76
- Update to v2.1.0 by @michaelkedar in #81
Full Changelog: v2.0.3...v2.1.0