OSV Scanner configuration

OSV Scanner helps you find vulnerabilities in your project's open source dependencies. By default, OSV Scanner run the analyses through all supported dependency packages.

Supported dependency packages

  • npm
  • composer

If you want to ignore specific issues, you can add osv-scanner.toml file to your root and specify the ignored issues. For ignoring the issues, you have to specify the id which you can find on osv.dev website by using the CVE number provided by Codeac.


id = "GHSA-h452-7996-h45h"
ignoreUntil = 2022-12-24 # Optional exception expiry date
reason = "Cookie not used."

id = "GHSA-776f-qx25-q3cc"
reason = "XML not used."

Detected Vulnerability Example

Old versions of libraries can bring severe risk to your application, therefore you should update the packages regularly. If there is a known a vulnerability, Codeac covers your back and pinpoints the problem with the link for solution. Also, Codeac scores the vulnerability (0-10) to help you prioritize the dependency updates.