# How to run OSV-Scanner

OSV-Scanner is an open-source tool created by Google to detect vulnerabilities in projects by scanning dependencies against the OSV database.
OSV-Scanner is a security linter.

You can enable the OSV-Scanner linter with:

```
trunk check enable osv-scanner
```

OSV-Scanner will be auto-enabled if any lockfiles are present.

OSV-Scanner supports the following config file:

- `osv-scanner.toml`

You can move this file to `.trunk/configs` and `trunk check` will still find it. See Moving Linters for more info.
{% hint style="warning" %}
Moving `osv-scanner.toml` to `.trunk/configs` can cause issues because, by default, `osv-scanner.toml` is only applied to projects in the root folder. Projects in subfolders, such as in a multi-module repository, will then not pick it up.
{% endhint %}
If you decide to move the config file, point OSV-Scanner at it explicitly by passing the path to `osv-scanner.toml` with the `--config` flag.

Example override to add to `trunk.yaml`:

```yaml
commands:
  - name: scan
    run: |
      osv-scanner \
        --lockfile=${target} \
        --format json \
        --config=.trunk/configs/osv-scanner.toml
```
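The override above hard-codes one config path, which is exactly what breaks for subfolder projects in a multi-module repository. The following POSIX shell helper is an added example (not Trunk's or OSV-Scanner's own code) that picks the `osv-scanner.toml` nearest to each lockfile, walking up toward the repo root, and falls back to the central copy under `.trunk/configs`; the walk-up search and the fallback location are assumptions made for this example, not documented OSV-Scanner behaviour.

```shell
# find_osv_config LOCKFILE REPO_ROOT
# Prints the osv-scanner.toml to use for LOCKFILE: the closest one found
# walking up from the lockfile's directory to REPO_ROOT, else the copy in
# REPO_ROOT/.trunk/configs. Exit status 1 if no config exists anywhere.
find_osv_config() {
  lockfile=$1
  root=$(cd "$2" && pwd)
  dir=$(cd "$(dirname "$lockfile")" && pwd)
  while :; do
    if [ -f "$dir/osv-scanner.toml" ]; then
      printf '%s\n' "$dir/osv-scanner.toml"
      return 0
    fi
    # Stop at the repo root (or the filesystem root, if the lockfile is outside it).
    [ "$dir" = "$root" ] && break
    [ "$dir" = "/" ] && break
    dir=$(dirname "$dir")
  done
  if [ -f "$root/.trunk/configs/osv-scanner.toml" ]; then
    printf '%s\n' "$root/.trunk/configs/osv-scanner.toml"
    return 0
  fi
  return 1
}

# build_osv_cmd LOCKFILE REPO_ROOT
# Prints the osv-scanner command line the Trunk `scan` override would run,
# adding --config only when a config file was actually found.
build_osv_cmd() {
  cfg=$(find_osv_config "$1" "$2") || cfg=""
  if [ -n "$cfg" ]; then
    printf 'osv-scanner --lockfile=%s --format json --config=%s\n' "$1" "$cfg"
  else
    printf 'osv-scanner --lockfile=%s --format json\n' "$1"
  fi
}
```

In a `trunk.yaml` override you would call `build_osv_cmd "${target}" .` in place of the fixed `osv-scanner` line, so each lockfile is scanned with the config that applies to its own module.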
- OSV-Scanner site
- OSV-Scanner Configuration
- OSV-Scanner Trunk Code Quality integration source
- Trunk Code Quality's open source plugins repo