awesome-repositories.com
Blog
awesome-repositories.com

Descoperă cele mai bune repository-uri open source cu căutare AI.

ExploreazăCăutări recomandateAlternative open-sourceSoftware self-hostedBlogHartă site
ProiectDespreCum realizăm clasamentulPresăServer MCP
LegalConfidențialitateTermeni
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
google avatar

google/osv.dev

0
View on GitHub↗
2,494 stele·283 fork-uri·Python·apache-2.0·1 vizualizareosv.dev↗

Osv.dev

OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records.

The project distinguishes itself through a security advisory distribution service that supports bulk dataset exports via cloud storage buckets and incremental synchronization of security record updates. It also employs sandbox-based impact analysis, using version bisections in isolated containers to determine the exact range of affected software versions.

The system provides capabilities for software dependency scanning, allowing users to identify known flaws by mapping project versions and commit hashes against the vulnerability database. It includes tools for batch package querying, library version identification, and vulnerability record validation to ensure data integrity.

The project also provides auditing utilities to identify and report ingestion failures and data integrity issues during the import process.

Features

  • Vulnerability Aggregators - Functions as a centralized aggregator that collects and normalizes security data from various open-source ecosystems.
  • Ecosystem Normalizers - Functions as a centralized system that collects and normalizes security data from diverse ecosystems into a unified format.
  • Dataset Distribution Services - Ships a cloud-based distribution service for bulk vulnerability dataset exports and incremental updates.
  • Data Normalization - Collects and normalizes security advisories from diverse open-source ecosystems and external databases into a single unified format.
  • Schema-Driven Data Normalizers - Converts diverse security advisories from multiple ecosystems into a single unified format using a standardized open source schema.
  • External Data Ingestion - Provides web endpoints to ingest vulnerability contributions and updates from external sources to maintain a real-time database.
  • Vulnerability Detail Retrievals - Fetches comprehensive information about a specific vulnerability using its unique identifier.
  • CVE Vulnerability Search Engines - Provides a searchable distributed aggregator of open-source vulnerability databases to identify risks in dependencies.
  • Dependency Vulnerability Scanners - Provides tools for identifying known security flaws in project dependencies by cross-referencing versions against a vulnerability database.
  • Dependency Vulnerability Scanning - Checks software dependencies and lockfiles against a distributed database to identify known security flaws.
  • Vulnerability Database Management - Provides systems for synchronizing and maintaining local copies of security metadata through bulk exports and incremental updates.
  • Vulnerability Databases - Provides a system for submitting vulnerability information to a database via web API to keep security data current.
  • Vulnerability Data Query Engines - Determines if a specific software version or commit is affected by a vulnerability using precise version ranges and identifiers.
  • Vulnerability Analysis Tools - Executes bisections and impact analysis tasks in sandboxed containers to determine the scope of software vulnerabilities.
  • Affected Version Bisections - Determines the exact range of affected software versions using bisection and version analysis.
  • Vulnerability Contributions - Supports the submission and validation of new vulnerability records via API to keep open source security data current.
  • Vulnerability Database APIs - Offers a programmatic web interface for querying package vulnerabilities and submitting standardized security records.
  • Vulnerability Data Aggregators - Collects and serves security information from multiple sources that follow a standardized open-source vulnerability format.
  • Vulnerability Data Synchronization - Imports security records from public repositories, web APIs, or cloud storage buckets after validating they match a specific schema.
  • Vulnerability Schema Validations - Provides validation to ensure that vulnerability data conforms to a standardized open-source schema.
  • Sandbox-Based Analysis - Runs version bisections and vulnerability tests inside isolated containers to determine the exact range of affected software versions.
  • Bulk Dataset Export - Exports bulk vulnerability datasets as compressed archives stored in public cloud buckets for high-throughput offline downloading.
  • Incremental Data Synchronization - Tracks modification dates for vulnerability records to allow clients to fetch only new or updated data since a specific point.
  • Vulnerability Datasets - Exports the complete vulnerability database or ecosystem-specific subsets as compressed archives via a public cloud bucket.
  • Vulnerability Package Queries - Allows retrieving vulnerability IDs and modification dates for a batch of packages in a single request.
  • Cross-Ecosystem Relation Mappings - Links vulnerability records to equivalent identifiers and tracks dependencies across diverse package ecosystems.
  • Package and Version Identification - Matches source code hashes of libraries to the closest upstream library and version for accurate identification.
  • Hash-Based Resolutions - Matches software source code hashes to upstream library versions to identify the exact release affected by a flaw.
  • Vulnerability Dependency Mapping - Identifies known vulnerabilities by mapping a project's list of dependencies against a distributed database of security advisories.

Istoric stele

Graficul istoricului de stele pentru google/osv.devGraficul istoricului de stele pentru google/osv.dev

Căutare AI

Explorează mai multe repository-uri excelente

Descrie ce ai nevoie în limbaj simplu — AI-ul sortează mii de proiecte open source selectate în funcție de relevanță.

Start searching with AI

Întrebări frecvente

Ce face google/osv.dev?

OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records.

Care sunt principalele funcționalități ale google/osv.dev?

Principalele funcționalități ale google/osv.dev sunt: Vulnerability Aggregators, Ecosystem Normalizers, Dataset Distribution Services, Data Normalization, Schema-Driven Data Normalizers, External Data Ingestion, Vulnerability Detail Retrievals, CVE Vulnerability Search Engines.

Care sunt câteva alternative open-source pentru google/osv.dev?

Alternativele open-source pentru google/osv.dev includ: cve-search/cve-search — cve-search is a vulnerability search engine and database manager designed to index, synchronize, and query CVE and CPE… dependencytrack/dependency-track — Dependency-Track is a software composition analysis tool and vulnerability management system designed to track… github/advisory-database — The advisory database is a centralized repository and intelligence platform designed to aggregate, normalize, and… wpscanteam/wpscan — WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress… future-architect/vuls — Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating… strozfriedberg/windows-exploit-suggester — Windows-Exploit-Suggester is a security analysis tool designed to audit patch levels and identify vulnerabilities on…

Alternative open-source pentru Osv.dev

Proiecte open-source similare, clasificate după numărul de funcționalități comune cu Osv.dev.
  • cve-search/cve-searchAvatar cve-search

    cve-search/cve-search

    2,593Vezi pe GitHub↗

    cve-search is a vulnerability search engine and database manager designed to index, synchronize, and query CVE and CPE security vulnerability data. It functions as a security data warehouse that imports vulnerability feeds into a local database to enable fast, keyword-based discovery of security flaws. The project provides a web-based vulnerability browser and a programmatic JSON API for retrieving records and risk scores. It utilizes full-text indexing for vulnerability descriptions and implements an identity-verified security portal using the OpenID Connect standard for user authentication.

    Pythoncommon-vulnerabilitiescpecve
    Vezi pe GitHub↗2,593
  • dependencytrack/dependency-trackAvatar DependencyTrack

    DependencyTrack/dependency-track

    3,612Vezi pe GitHub↗

    Dependency-Track is a software composition analysis tool and vulnerability management system designed to track dependencies and supply chain risk. It functions as a platform for ingesting and analyzing CycloneDX software bills of materials to identify known vulnerabilities and license compliance issues within third-party software components. The system distinguishes itself by mirroring external vulnerability databases locally to enable fast offline analysis and using VEX documents to differentiate between technical vulnerabilities and actual contextual risks. It also integrates with identity

    Javaappsecbill-of-materialsbom
    Vezi pe GitHub↗3,612
  • github/advisory-databaseAvatar github

    github/advisory-database

    2,337Vezi pe GitHub↗

    The advisory database is a centralized repository and intelligence platform designed to aggregate, normalize, and track security vulnerability data across diverse open source software ecosystems. It functions as a unified source of truth for security advisories, providing machine-readable records that help developers and automated tools identify and manage threats within their software supply chains. The platform distinguishes itself by utilizing a version-controlled, git-based storage model that relies on pull-request-driven workflows for community curation and verification. By enforcing a s

    Vezi pe GitHub↗2,337
  • wpscanteam/wpscanAvatar wpscanteam

    wpscanteam/wpscan

    9,636Vezi pe GitHub↗

    WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress installations and other content management systems. It functions as a web application security tool that identifies misconfigurations, outdated software, and security holes in core installations, plugins, and themes. The tool employs black-box scanning techniques to perform site component enumeration, identifying users, themes, and plugins by matching known file paths and response signatures. It matches these detected components against a database of known security flaws to analyze the

    Ruby
    Vezi pe GitHub↗9,636
  • Vezi toate cele 30 alternative pentru Osv.dev→