Google Releases Open Source Library for Software Composition Analysis - SecurityWeek

Google released OSV-SCALIBR, an open source library for software composition analysis (SCA) and file system scanning. The tool supports SCA for packages, binaries, and source code, as well as vulnerability scanning and SBOM generation. Google plans to integrate OSV-SCALIBR more deeply into OSV-Scanner, a vulnerability scanner for open source dependencies.
