OSV Scanner configuration

OSV Scanner helps you find known vulnerabilities in your project's open source dependencies by matching them against the OSV database. By default, OSV Scanner runs the analysis across all supported package ecosystems.

Supported package ecosystems

  • npm
  • composer

If you want to ignore specific findings, add an osv-scanner.toml file to your repository root and list the vulnerabilities to skip. Each entry needs the OSV id of the vulnerability, which you can look up on the osv.dev website using the CVE number that Codeac reports. An ignored entry silences the finding entirely, so record a reason for every exception and, where possible, set ignoreUntil so the exception expires and is re-examined instead of hiding the finding indefinitely.

osv-scanner.toml

[[IgnoredVulns]]
id = "GHSA-h452-7996-h45h"
ignoreUntil = 2022-12-24 # Optional exception expiry date
reason = "Cookie not used."

[[IgnoredVulns]]
id = "GHSA-776f-qx25-q3cc"
reason = "XML not used."
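Exceptions in osv-scanner.toml tend to outlive the situation that justified them. The script below is an added example, not part of Codeac or OSV-Scanner: it parses the [[IgnoredVulns]] tables and reports entries whose ignoreUntil date has passed, entries with no expiry at all, and entries with no recorded reason, so the file can be checked in CI alongside the scan. It uses Python's stdlib tomllib where available and falls back to a minimal parser for the key = value subset this file uses. The embedded sample config is constructed; the two GHSA ids are the ones shown above and CVE-0000-0000 is a placeholder.

```python
"""Audit an osv-scanner.toml for stale or undocumented exceptions.

Added example, not Codeac's or OSV-Scanner's own code. Flags ignored
vulnerabilities that have expired, never expire, or carry no reason.
"""
import datetime as dt
import re
import sys

try:
    import tomllib  # stdlib TOML parser, Python 3.11+
except ImportError:
    tomllib = None  # fall back to the minimal parser below

# Constructed sample config mirroring the layout of osv-scanner.toml above.
# CVE-0000-0000 is a placeholder id, not a real vulnerability.
SAMPLE_CONFIG = """
[[IgnoredVulns]]
id = "GHSA-h452-7996-h45h"
ignoreUntil = 2022-12-24 # Optional exception expiry date
reason = "Cookie not used."

[[IgnoredVulns]]
id = "GHSA-776f-qx25-q3cc"
reason = "XML not used."

[[IgnoredVulns]]
id = "CVE-0000-0000"
ignoreUntil = 2030-01-01
"""

# key = "string"  or  key = YYYY-MM-DD, with an optional trailing comment
_KV = re.compile(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|(\d{4}-\d{2}-\d{2}))')


def _parse_minimal(text):
    """Parse only the [[IgnoredVulns]] subset of TOML used by this config."""
    entries, current = [], None
    for line in text.splitlines():
        if line.strip() == "[[IgnoredVulns]]":
            current = {}
            entries.append(current)
            continue
        m = _KV.match(line)
        if m and current is not None:
            key, string, date = m.groups()
            current[key] = string if string is not None else dt.date.fromisoformat(date)
    return {"IgnoredVulns": entries}


def load_config(text):
    """Return the parsed config as a dict with an 'IgnoredVulns' list."""
    if tomllib is not None:
        return tomllib.loads(text)  # TOML local dates become datetime.date
    return _parse_minimal(text)


def audit_ignores(text, today=None):
    """Return (id, problem) tuples for exceptions that need attention.

    `today` may be a datetime.date or an ISO string; defaults to the real date.
    """
    if today is None:
        today = dt.date.today()
    elif isinstance(today, str):
        today = dt.date.fromisoformat(today)
    problems = []
    for entry in load_config(text).get("IgnoredVulns", []):
        vuln_id = entry.get("id", "<missing id>")
        # OSV ids look like PREFIX-xxxx-xxxx (GHSA-..., CVE-..., GO-..., ...)
        if not re.fullmatch(r"[A-Z]+-[0-9A-Za-z]+(?:-[0-9A-Za-z]+)*", vuln_id):
            problems.append((vuln_id, "id does not look like an OSV identifier"))
        if not entry.get("reason"):
            problems.append((vuln_id, "no reason recorded"))
        until = entry.get("ignoreUntil")
        if until is None:
            problems.append((vuln_id, "no ignoreUntil: exception never expires"))
        elif until < today:
            problems.append((vuln_id, f"expired on {until.isoformat()}"))
    return problems


if __name__ == "__main__":
    # Usage: python audit_ignores.py [path/to/osv-scanner.toml]
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    findings = audit_ignores(source)
    for vuln_id, problem in findings:
        print(f"{vuln_id}: {problem}")
    sys.exit(1 if findings else 0)
```

Run against the sample, the first GHSA entry is reported as expired, the second as open-ended, and the placeholder entry as lacking a reason; a non-zero exit code lets a CI step fail until the exceptions are renewed or removed.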

Detected Vulnerability Example

Outdated libraries can expose your application to severe risk, so update your dependencies regularly. When a dependency has a known vulnerability, Codeac pinpoints the affected package and links to the advisory so you can find the fix. Codeac also assigns each vulnerability a severity score from 0 to 10 (higher is more severe) to help you prioritize which dependency updates to make first.