Google Releases OSV-SCALIBR: A Powerful Software Composition Analysis Library
2025-01-19

Google has released OSV-SCALIBR, an extensible Software Composition Analysis (SCA) library for scanning installed packages, standalone binaries, and source code for vulnerabilities. It supports numerous programming languages and package managers, and generates Software Bills of Materials (SBOMs). OSV-SCALIBR is Google's primary SCA engine and is now open source, with plans to integrate it into OSV-Scanner for a more robust command-line interface.