Google this week announced OSV-Scanner, a free scanner that open source developers can use to receive vulnerability details relevant to their projects.
The high number of dependencies that software projects rely on increases the risk of falling victim to a supply chain attack or to the exploitation of unknown vulnerabilities.
