Open
Description
Is your feature request related to a problem? Please describe.
Some projects are not supported by osv-scanner, for example Swift projects that use Podfile.lock or Package.resolved.
Describe the solution you'd like
Add a new scanner which can scan these other lockfiles, or replace osv-scanner with a scanner that does it all
Describe alternatives you've considered
Trivy looks promising: https://github.com/aquasecurity/trivy
Additional Context
- Choose how to merge the results of this scanner with that of osv-scanner (both should run since projects may use multiple lockfiles -- for example React Native)
- Figure out how to deal with duplicates, if they become possible (like if we use two scanners which scan the same lockfile, we would end up with duplicate vulnerabilities)
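One way to handle the two points above (merging a second scanner's results with osv-scanner's and collapsing duplicates), as an added example that is not code from this issue or the project. The two input shapes are simplified, assumed sketches of osv-scanner and Trivy JSON output rather than their real schemas, the sample reports are constructed, and the vulnerability identifiers and package names in them are placeholders. Findings for the same (ecosystem, package, version) are treated as one vulnerability when their identifier sets overlap, so a GHSA ID from one scanner and its CVE alias from the other become a single finding that records both sources.

```python
"""Merge findings from two lockfile scanners and collapse duplicates.

Added example, not code from the issue or the project. The two input shapes
are simplified, assumed sketches of osv-scanner and Trivy JSON output; the
sample reports, package names and vulnerability IDs are constructed placeholders.
"""
import json
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Finding:
    ecosystem: str
    package: str
    version: str
    ids: set        # every identifier (primary ID plus aliases) seen for this vuln
    sources: set    # scanners that reported it


# Constructed sample in an assumed, simplified osv-scanner-like shape.
OSV_REPORT = json.dumps({
    "results": [{
        "source": {"path": "package-lock.json", "type": "lockfile"},
        "packages": [{
            "package": {"name": "example-lib", "version": "1.2.3", "ecosystem": "npm"},
            "vulnerabilities": [
                {"id": "GHSA-xxxx-yyyy-zzzz", "aliases": ["CVE-0000-0001"]},
                {"id": "GHSA-aaaa-bbbb-cccc", "aliases": []},
            ],
        }],
    }],
})

# Constructed sample in an assumed, simplified Trivy-like shape; it also covers
# the Podfile.lock that, per the issue, osv-scanner does not scan.
TRIVY_REPORT = json.dumps({
    "Results": [
        {"Target": "package-lock.json", "Type": "npm", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example-lib", "InstalledVersion": "1.2.3"},
        ]},
        {"Target": "Podfile.lock", "Type": "cocoapods", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "ExamplePod", "InstalledVersion": "4.5.6"},
        ]},
    ],
})


def parse_osv(report: str):
    """Yield (ecosystem, package, version, ids) from the assumed osv-scanner shape."""
    for result in json.loads(report)["results"]:
        for entry in result["packages"]:
            pkg = entry["package"]
            for vuln in entry["vulnerabilities"]:
                ids = {vuln["id"], *vuln.get("aliases", [])}
                yield pkg["ecosystem"].lower(), pkg["name"], pkg["version"], ids


def parse_trivy(report: str):
    """Yield (ecosystem, package, version, ids) from the assumed Trivy shape."""
    for result in json.loads(report)["Results"]:
        for vuln in result.get("Vulnerabilities", []):
            yield (result["Type"].lower(), vuln["PkgName"],
                   vuln["InstalledVersion"], {vuln["VulnerabilityID"]})


def merge(reports):
    """reports: iterable of (scanner_name, findings) pairs.

    Findings for the same (ecosystem, package, version) are the same vulnerability
    when their identifier sets overlap. Ecosystem names are lower-cased as a crude
    normalization (an assumption; real scanners spell ecosystems differently and
    may need an explicit mapping table).
    """
    merged = defaultdict(list)  # (ecosystem, package, version) -> [Finding]
    for scanner, findings in reports:
        for eco, pkg, ver, ids in findings:
            bucket = merged[(eco, pkg, ver)]
            overlapping = [f for f in bucket if f.ids & ids]
            if not overlapping:
                bucket.append(Finding(eco, pkg, ver, set(ids), {scanner}))
                continue
            target = overlapping[0]
            # A new alias set can bridge two previously separate clusters; fold them in.
            for other in overlapping[1:]:
                target.ids |= other.ids
                target.sources |= other.sources
                bucket.remove(other)
            target.ids |= ids
            target.sources.add(scanner)
    return sorted((f for b in merged.values() for f in b),
                  key=lambda f: (f.ecosystem, f.package, f.version, min(f.ids)))


def merge_reports(osv_json: str, trivy_json: str):
    return merge([("osv-scanner", parse_osv(osv_json)),
                  ("trivy", parse_trivy(trivy_json))])


if __name__ == "__main__":
    for f in merge_reports(OSV_REPORT, TRIVY_REPORT):
        print(f"{f.ecosystem}/{f.package}@{f.version}: {sorted(f.ids)} "
              f"reported by {sorted(f.sources)}")
```

Keying on alias overlap rather than on the primary ID is what makes the dedup work across scanners that prefer different identifier families; keeping the `sources` set per finding also makes it easy to see, after a merge, which lockfiles only one scanner covered.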