Skip to content

v2.3.2

Marketplace
Marketplace

Choose a tag to compare

View all tags
@jess-lowe jess-lowe released this 15 Jan 03:30
· 15 commits to main since this release
v2.3.2
2a387ed
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

This updates OSV-Scanner to v2.3.2

This release includes performance improvements for local scanning, reducing memory usage and avoiding unnecessary advisory loading. It also fixes issues with MCP's get_vulnerability_details tool, git queries in osv-scanner.json, and ignore entry tracking, along with documentation updates.

Fixes:

  • Bug #2415 Add more PURL-to-ecosystem mappings
  • Bug #2422 MCP error for get_vulnerability_id because type definition is incorrect.
  • Bug #2460 Enable osv-scanner.json git queries
  • Bug #2456 Properly track if an ignore entry has been used
  • Bug #2450 Performance: Avoid loading the entire advisory unless it will actually be used
  • Bug #2445 Performance: Don't read the entire zip into memory
  • Bug #2433 Allow specifying user agent in v2 osvscanner package

Misc:

  • Misc #2453 Switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3
  • Misc #2447 Include bun.lock as a supported lockfile
  • Misc #2444 Document GoVersionOverride in configuration.md

Full Changelog: google/osv-scanner@v2.3.1...v2.3.2

Assets 2
Loading