@@ -6,14 +6,16 @@ nav_order: 1
66
77[ ![ OpenSSF Scorecard] ( https://api.securityscorecards.dev/projects/github.com/google/osv.dev/badge )] ( https://api.securityscorecards.dev/projects/github.com/google/osv.dev )
88
9- [ osv.dev] ( https://osv.dev ) is a [ vulnerability database] ( https://osv.dev/list )
10- and triage infrastructure for open source projects aimed at helping both open
11- source maintainers and consumers of open source.
9+ OSV enables developers to identify known third-party open source dependency
10+ vulnerabilities that pose genuine risk to their application and its environment,
11+ so they can focus remediation efforts on the vulnerabilities that matter and
12+ sustainably manage vulnerabilities that do not affect them.
1213
1314[ This repository] ( https://github.com/google/osv.dev ) contains the infrastructure
14- code that serves [ osv.dev] ( https://osv.dev ) (and other user tooling). This
15- infrastructure serves as an aggregator of vulnerability databases that have
16- adopted the [ OpenSSF Vulnerability format] ( https://github.com/ossf/osv-schema ) .
15+ code that serves [ osv.dev] ( https://osv.dev ) (including the
16+ [ API] ( https://google.github.io/osv.dev/api/ ) ). This infrastructure serves as an
17+ aggregator of vulnerability databases that have adopted the [ OpenSSF
18+ Vulnerability format] ( https://github.com/ossf/osv-schema ) .
1719
1820[ osv.dev] ( https://osv.dev ) additionally provides infrastructure to ensure
1921affected versions are accurately represented in each vulnerability entry,
@@ -22,6 +24,9 @@ through bisection and version analysis.
2224Further information on the infrastructure architecture is available
2325[ here] ( contributing/architecture.md ) .
2426
27+ [ OSV-Scanner] ( https://google.github.io/osv-scanner/ ) is the first-party tool
28+ that leverages OSV.dev's data, using its API.
29+
2530
0 commit comments