
A tool for scanning OSS projects for dependencies and vulnerabilities

Project description

OSS Vulnerability Scanner

A comprehensive tool for scanning Open Source Software projects for dependencies, generating Software Bill of Materials (SBOM), and checking for known vulnerabilities.

Features

  • Dependency Parsing: Scans OSS projects and extracts dependencies from configuration files
  • SBOM Generation: Creates Software Bill of Materials in CycloneDX format
  • Vulnerability Checking: Queries the National Vulnerability Database (NVD) for known vulnerabilities
  • Caching: Implements caching to avoid repeated queries and improve performance
  • Visualization: Provides visual representation of vulnerability data
  • Detailed Reporting: Generates comprehensive vulnerability reports

Supported Package Managers

  • Python (requirements.txt, setup.py)
  • JavaScript (package.json)
  • Java (pom.xml)

Installation

# Clone the repository
git clone https://github.com/yourusername/ossv-scanner.git
cd ossv-scanner

# Install the package
pip install -e .

Usage

Command-Line Interface

# Scan a project
ossv-scan /path/to/project

# Generate SBOM only
ossv-scan --sbom-only /path/to/project

# Output formats
ossv-scan --output-format html /path/to/project
ossv-scan --output-format json /path/to/project

# Specify cache location
ossv-scan --cache-dir /path/to/cache /path/to/project

Python API

from ossv_scanner import Scanner

# Create a scanner instance
scanner = Scanner()

# Scan a project
results = scanner.scan('/path/to/project')

# Generate report
scanner.generate_report(results, output_format='html', output_path='report.html')
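To show what the Dependency Parsing and SBOM Generation features above amount to for two of the supported manifests (requirements.txt and package.json), here is an added example that is not part of ossv-scanner and does not use its Scanner API: it parses constructed manifest text into components, emits a minimal CycloneDX 1.4 JSON BOM with Package URLs, and flags components whose version is a range rather than a pin, since those cannot be matched reliably against NVD records. The manifest contents and package names are constructed for the example.

```python
import json
import re
# Constructed sample inputs standing in for files found in a scanned project.
REQUIREMENTS_TXT = """\
requests==2.31.0
PyYAML>=6.0  # a range, not a pin: no exact version to match against NVD
-e git+https://example.invalid/repo.git#egg=localtool
"""
PACKAGE_JSON = json.dumps({"name": "demo-app", "devDependencies": {"jest": "29.7.0"},
                           "dependencies": {"express": "4.18.2", "lodash": "^4.17.21"}})
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)")

def parse_requirements(text):
    """Return pypi components; only '==' pins yield a concrete version."""
    comps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and -e/-r options
            continue
        m = REQ_RE.match(line)
        if m:
            name, op, ver = m.group(1).lower(), m.group(2), m.group(3)
            comps.append({"type": "pypi", "name": name, "version": ver if op == "==" else ""})
    return comps

def parse_package_json(text):
    """Return npm components; caret/tilde ranges are treated as unpinned."""
    data, comps = json.loads(text), []
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            exact = re.fullmatch(r"v?(\d+\.\d+\.\d+)", spec)
            comps.append({"type": "npm", "name": name, "version": exact.group(1) if exact else ""})
    return comps

def build_cyclonedx(components):
    """Assemble a minimal CycloneDX 1.4 JSON BOM; unpinned parts carry no version."""
    out = []
    for c in components:
        purl = f"pkg:{c['type']}/{c['name']}" + (f"@{c['version']}" if c["version"] else "")
        entry = {"type": "library", "name": c["name"], "purl": purl}
        if c["version"]:
            entry["version"] = c["version"]
        out.append(entry)
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1, "components": out}

def unpinned(bom):
    """Components with no exact version; these cannot be reliably matched to NVD records."""
    return [c["name"] for c in bom["components"] if "version" not in c]
```

A real scanner would resolve ranges from a lockfile (Pipfile.lock, package-lock.json) before querying NVD; a BOM built from unresolved ranges understates what is actually installed.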

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the MIT License - see the LICENSE file for details.



Download files


Source Distributions

No source distribution files available for this release.

Built Distribution


ossv_scanner-0.1.0-py3-none-any.whl (50.7 kB)

Uploaded Python 3

File details

Details for the file ossv_scanner-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: ossv_scanner-0.1.0-py3-none-any.whl
  • Size: 50.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.12.10

File hashes

Hashes for ossv_scanner-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5844b8c27a4554fa602e33370524e164c84a47a3f30ac4902234c51589e003cf
MD5 e6030988bd0ba291eab58259c10e1cd9
BLAKE2b-256 e8473d56e358980ee0a63f17d6fe7a952bab0ba1d946f89e7eddb0f1903d57b2

