@renovate renovate bot commented Mar 24, 2025

This PR contains the following updates:

Package Type Update Change
google/osv-scanner-action action major v1.9.2 -> v2.3.2

Release Notes

google/osv-scanner-action (google/osv-scanner-action)

v2.3.2

This updates OSV-Scanner to v2.3.2

This release includes performance improvements for local scanning, reducing memory usage and avoiding unnecessary advisory loading. It also fixes issues with MCP's get_vulnerability_details tool, git queries in osv-scanner.json, and ignore entry tracking, along with documentation updates.

Fixes:
  • Bug #2415 Add more PURL-to-ecosystem mappings
  • Bug #2422 MCP error for get_vulnerability_id because type definition is incorrect.
  • Bug #2460 Enable osv-scanner.json git queries
  • Bug #2456 Properly track if an ignore entry has been used
  • Bug #2450 Performance: Avoid loading the entire advisory unless it will actually be used
  • Bug #2445 Performance: Don't read the entire zip into memory
  • Bug #2433 Allow specifying user agent in v2 osvscanner package
Misc:

Full Changelog: google/osv-scanner@v2.3.1...v2.3.2

v2.3.1

What's Changed

New Contributors

Full Changelog: google/osv-scanner-action@v2.3.0...v2.3.1

v2.3.0

What's Changed

Full Changelog: google/osv-scanner-action@v2.2.4...v2.3.0

v2.2.4

What's Changed

Full Changelog: google/osv-scanner-action@v2.2.3...v2.2.4

v2.2.3

What's Changed

Full Changelog: google/osv-scanner-action@v2.2.2...v2.2.3

v2.2.2

This updates OSV-Scanner to v2.2.2.

What's Changed

Full Changelog: google/osv-scanner-action@v2.2.1...v2.2.2

v2.2.1

What's Changed

OSV-Scanner now supports all OSV-Scalibr features behind experimental flags (--experimental-plugins, see details here)!

Features:
Fixes:
  • Bug #2141 Fix OSV-Scanner json scans not matching with correct ecosystem.
  • Bug #2084 Show absolute paths when scanning containers.
  • Bug #2126 Log and preserve package count before continuing on db error.
  • Bug #2095 Pass through plugin capabilities correctly.
  • Bug #2051 Properly flag if running on Linux or Mac OSs for plugin compatibility.
  • Bug #2072 Add missing "text" property in description fields.
  • Bug #2068 Change links in output to go to the specific vulnerability page instead of the list page.
  • Bug #2064 Fix SARIF v3 output to include results.
  • Bug #2151 Filter by ecosystem before querying.
API Changes:

[!WARNING]
This release was originally incorrectly pointing to the bugged v2.2.0 osv-scanner release; it has now been retagged to the correct v2.2.1 release.

v2.1.0

What's Changed

Full Changelog: google/osv-scanner-action@v2.0.3...v2.1.0

v2.0.3

Update to use osv-scanner v2.0.3

Notable changes:

  • There's now a flag --allow-no-lockfiles you can pass to osv-scanner to avoid getting an error when running against a repo with no lockfiles.
  • We no longer ignore general errors when they occur on osv-scanner-action, and will fail the workflow (e.g. invalid flags passed in)

v2.0.2

Update osv-scanner to v2.0.2

v2.0.1

What's Changed

Full Changelog: google/osv-scanner-action@v2.0.0...v2.0.1

v2.0.0

What's Changed
  • Updated to support OSV-Scanner V2
  • Workflows, add support for matrix strategies by @GeoDerp in #52
  • Support checking out submodules by @faern in #57
Breaking changes

By default, osv-scanner-action no longer scans the HEAD git hash. This means if there are no other lockfiles found to scan, then osv-scanner-action will fail the workflow, as it is likely it's set up incorrectly.

To match the previous behavior, pass --include-git-root to scan-args, e.g.

  osv-scan:
    uses: "google/osv-scanner-action/.github/workflows/[email protected]"
    with:
      scan-args: |-
        --include-git-root
        --recursive
        ./

Full Changelog: google/osv-scanner-action@v1.9.2...v2.0.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label Mar 24, 2025
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from 79e5ff3 to d83f1a2 Compare April 3, 2025 05:40
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from d83f1a2 to f6b73f3 Compare May 5, 2025 02:38
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from f6b73f3 to d5bff50 Compare June 16, 2025 05:52
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from d5bff50 to ca25151 Compare July 14, 2025 06:49
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch 2 times, most recently from 0ed788d to 5b18a7e Compare August 15, 2025 04:52
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from 5b18a7e to d9e0935 Compare August 27, 2025 07:06
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from d9e0935 to b9a4aed Compare October 1, 2025 21:13
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from b9a4aed to ab49f92 Compare October 29, 2025 06:33
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from ab49f92 to 45920a2 Compare November 20, 2025 00:34
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from 45920a2 to 61c60a2 Compare December 11, 2025 08:36
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from 61c60a2 to f456e64 Compare January 15, 2026 05:27