OSV Vulnerability Scanner Configuration (OD-2677)
Tobias opened 4 weeks ago

Hi,

I am currently testing the OSV Vulnerability Scanner and the Trivy Filesystem Scanner with dependency files for C# deps.json. The OSV Scanner shows that no package source was found. The OSV Scanner also finds nothing when I do not restrict the folder in the job workspace and activate the recursive option. With the Trivy scanner, vulnerabilities are found in the same files. I also tested it with the OSV Scanner installed locally on my computer and the same deps.json files, and it worked.

Thank you in advance.

  • Robin Shen commented 4 weeks ago

    OneDev still uses an old version of OSV scanner. Will upgrade to latest version in next patch release to solve this issue.

  • Robin Shen commented 3 weeks ago

    OSV updated in build OD-7079 available and it can now check .NET deps file

  • Robin Shen changed state to 'Closed' 3 weeks ago
    Previous Value: Open
    Current Value: Closed

Type: Question
Priority: Normal
Labels: No labels