coder/osv-test
osv-test

Minimal test repository for evaluating OSV-Scanner with GitHub Actions and GitHub code scanning.

This repository contains:

  • A deliberately vulnerable npm lockfile in fixtures/vulnerable/package-lock.json.
  • A GitHub Actions workflow that runs OSV-Scanner on pushes, on a schedule, and via manual dispatch.
  • SARIF upload to GitHub Security / code scanning.

Expected behavior

The workflow scans the vulnerable fixture and uploads the SARIF results to GitHub code scanning. It does not fail the workflow on findings, so the results can still be reviewed in GitHub Security.

Vulnerable fixture

The fixture uses minimist@0.0.8, which has known vulnerabilities and is intended to produce findings in OSV-Scanner.
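A workflow that implements the behaviour described above, added here as an example rather than the repository's own workflow; the file name, the `go install` installation step, the cron schedule and the `results.sarif` output path are assumptions.

```yaml
# .github/workflows/osv-scanner.yml (assumed file name)
name: OSV-Scanner

on:
  push:
  schedule:
    - cron: "0 6 * * 1"      # weekly, Monday 06:00 UTC (assumed schedule)
  workflow_dispatch:

permissions:
  contents: read
  security-events: write     # needed to upload SARIF to code scanning

jobs:
  osv-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: stable

      # Install the OSV-Scanner CLI (assumed install method; pin a release in real use)
      - run: go install github.com/google/osv-scanner/cmd/osv-scanner@v1

      # Scan only the deliberately vulnerable lockfile and write SARIF.
      # osv-scanner exits non-zero when it finds vulnerabilities, so
      # continue-on-error keeps the job green and lets the upload step run.
      - name: Scan vulnerable fixture
        continue-on-error: true
        run: >
          osv-scanner --format sarif --output results.sarif
          --lockfile fixtures/vulnerable/package-lock.json

      # Upload findings to GitHub code scanning even if the scan step failed.
      - name: Upload SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
          category: osv-scanner
```

With this configuration the scan step shows as an allowed failure in the run log whenever findings exist, and the findings themselves appear under the repository's Security tab.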
