Open Source Vulnerabilities library

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for clusterfuzz-devs from gravatar.com clusterfuzz-devs Avatar for osv from gravatar.com osv

Unverified details

These details have not been verified by PyPI
Meta
Classifiers
Report project as malware

Project description

OpenSSF Scorecard

Documentation

Comprehensive documentation is available here. API documentation is available here.

Data Dump

We have data dumps available from a GCS bucket at gs://osv-vulnerabilities. For more information check out our documentation.

Viewing the web UI

An instance of OSV's web UI is deployed at https://osv.dev.

Using the scanner

We provide a Go based tool that will scan your dependencies, and check them against the OSV database for known vulnerabilities via the OSV API.

Currently it is able to scan various lockfiles, debian docker containers, SPDX and CycloneDB SBOMs, and git repositories.

The scanner is located in its own repository.

This repository

This repository contains all the code for running https://osv.dev on GCP. This consists of:

directory what
bindings/ Language bindings for the OSV API (currently Go only)
deployment/ Terraform & Cloud Deploy config files
A few Cloud Build config yamls
docker/ CI docker files (ci, deployment, terraform)
worker-base docker image for gcp/workers/worker
docs/ Jekyll files for https://google.github.io/osv.dev/
build_swagger.py and tools.go
gcp/api OSV API server files (including files for the local ESP server)
protobuf files in /v1
gcp/datastore The datastore index file (index.yaml)
gcp/functions The Cloud Function for publishing PyPI vulnerabilities (maintained, but not developed)
gcp/indexer The determine version indexer
gcp/website The backend of the osv.dev web interface, with the frontend in frontend3
Blog posts (in blog)
gcp/workers/ Workers for bisection and impact analysis (worker, importer, exporter, alias)
cron/ jobs for database backups and processing oss-fuzz records
osv/ The core OSV Python library, used in basically all Python services
OSV ecosystem package versioning helpers in ecosystems/
Datastore model definitions in models.py
tools/ Misc scripts/tools, mostly intended for development (datastore stuff, linting)
The indexer-api-caller for indexer calling
vulnfeeds/ Go module for (mostly) the NVD CVE conversion
The Alpine feed converter (cmd/alpine)
The Debian feed converter (tools/debian, which is written in Python)

You'll need to check out submodules as well for many local building steps to work:

git submodule update --init --recursive

Contributing

Contributions are welcome!

Learn more about code, data, and documentation contributions. We also have a mailing list.

Do you have a question or a suggestion? Please open an issue.

Third party tools and integrations

There are also community tools that use OSV. Note that these are community built tools and as such are not supported or endorsed by the core OSV maintainers. You may wish to consult the OpenSSF's Concise Guide for Evaluating Open Source Software to determine suitability for your use. Some popular third party tools are:

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for clusterfuzz-devs from gravatar.com clusterfuzz-devs Avatar for osv from gravatar.com osv

Unverified details

These details have not been verified by PyPI
Meta
Classifiers

Release history Release notifications | RSS feed

This version

0.1.2

0.1.1

0.1.0 yanked

Reason this release was yanked:

supported python versions not accurate

0.0.22

0.0.21

0.0.18

0.0.17

0.0.16

0.0.14

0.0.13

0.0.12

0.0.11

0.0.10

0.0.9

0.0.8

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

0.0.1a0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

osv-0.1.2.tar.gz (5.6 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

osv-0.1.2-py3-none-any.whl (5.9 MB view details)

Uploaded Python 3

File details

Details for the file osv-0.1.2.tar.gz.

File metadata

  • Download URL: osv-0.1.2.tar.gz
  • Upload date:
  • Size: 5.6 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for osv-0.1.2.tar.gz
Algorithm Hash digest
SHA256 fdf38fa13093e9d5ea294fba2502d0e4e3827764b4563e764740d355130846e1
MD5 f33445b3e9d0a3d3ce20d5b9f45b692a
BLAKE2b-256 3224ba36ec01fd0c6c49212da153ef9fff5010850b4c6fab066838a77525bffc

See more details on using hashes here.

File details

Details for the file osv-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: osv-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 5.9 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for osv-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 59ee3319dbb95220db414e2d493632a32ed6d510b5787d28a3282dd2e59421d2
MD5 3ca89dd7b2e331e2ed293b5b6f5d3144
BLAKE2b-256 692ce11e9952d0f16588a74498c96f6fc7c61763bdcde23ae998ff527001ffeb

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page