概述

x osv - Open Source Vulnerabilities

> Query Google OSV database for package vulnerabilities and scan local projects.

Quick Start

# Query vulnerability for a package
x osv q -p jq -v 1.7.1

# Scan local project for vulnerabilities (requires osv-scanner)
x osv scanner .

Features

Vulnerability Query: Query OSV database for package vulnerabilities
Project Scanning: Scan local projects using osv-scanner
SARIF Reports: Generate SARIF security reports
Multi-ecosystem: Supports npm, pip, Maven, Go, Rust, etc.

Prerequisites

Tool	Purpose	Install
------	---------	---------
x-cmd	Required module runtime	`brew install x-cmd`
osv-scanner	Project scanning	https://github.com/google/osv-scanner

Commands

Command	Description
---------	-------------
`x osv q`	Query vulnerabilities for a package
`x osv scanner`	Scan project for vulnerabilities (requires osv-scanner)
`x osv vuln`	Get vulnerability details
`x osv sarif`	Generate SARIF security reports
`x osv eco`	List supported ecosystems

Examples

Query Vulnerabilities

# Query specific package version
x osv q -p jq -v 1.7.1

# Query by commit hash
x osv q -c 6879efc2c1596d11a6a6ad296f80063b558d5e0f

Scan Projects

# Scan current directory (requires osv-scanner installed)
x osv scanner .

# Scan specific lockfile
x osv scanner --lockfile requirements.txt
x osv scanner --lockfile package-lock.json

Generate SARIF Reports

# Scan npm project
x osv sarif npm ./my-project/

# Scan pip project with JSON output
x osv sarif pip ./project/ --json

Supported Ecosystems

View all supported ecosystems:

x osv eco

Includes: npm, PyPI, Maven, Go, Rust, NuGet, Packagist, etc.

API Key

No API key required for basic usage. Rate limits apply for unauthenticated requests.

版本历史

共 1 个版本

v1.0.1 当前

2026-03-29 22:32 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)