Google's new OSV-Scanner for vulnerabilities

Hey @jayasanka & @dkayiwa - do you think we should leverage this in our dev pipeline somehow? Google Announces Vulnerability Scanner for Open Source Developers | SecurityWeek.Com

1 Like

Thanks @grace. This is definitely worth investigating!

1 Like

I see we have CodeQL, SonarCloud, Dependabot setup for openmrs-core? Is this not working for us?

Maybe we just need to add more repos and tweak configuration? They integrate nicely with GitHub and run on PRs.

Let me throw in some links for reference as well: with nice summary at