Today, we announced the official release of OSV-SCALIBR, Google's software composition analysis library. If you are working in vuln management / security scanning, SCALIBR is for you! SCALIBR is powering most of Google's vuln scanning. Please RT.

RT @kevin_mizu: I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Ha….

RT @GoogleOSS: Protect your systems from leaked credentials! 🚨 We're excited to announce Veles, a new open-source secret and credential sca….

Veles, Google's new open-source secret scanner, is now available. This tool, built into our SCALIBR scanner, identifies exposed credentials with an extensible architecture for new secret types. We'd love to hear your feedback and answer any questions.

RT @avkovaleff: Today Google announced a new OSV-SCALIBR: A library for Software composition analysis. It allows to extract software depend….

RT @TweetThreatNews: Google has launched OSV-SCALIBR, an open-source library for software composition analysis! It identifies vulnerabiliti….

RT @EduardKovacs: Google releases OSV-SCALIBR, an open source library for software composition analysis and file system scanning. https://t….

RT @TheNimbleNerd: Google’s New OSV-SCALIBR: Your Software’s Superhero or Just Another Sidekick?. Hot Take:. Google's OSV-SCALIBR: Because….

Github Repo:

SCALIBR is a library that allows you to enumerate all software installed in a given file system, such as containers, VMs, running machines, or code repositories. Additionally, it offers extensible vulnerability scanning capabilities. Reach out in case you have questions.

RT @tbbhunter: OSV-SCALIBR: A library for Software Composition Analysis.

RT @clintgibler: ⚒️ SCALIBR (Software Composition Analysis Library). An extensible file system scanner used to extract software inventory d….

RT @Alevskey: OSV-SCALIBR: A library for Software Composition Analysis: by Google Online Security Blog #infosec #cy….

RT @rseroter: "OSV-SCALIBR combines Google’s internal vulnerability management expertise into one scanning library with significant new cap….

RT @we1x: I wish we could deprecate javascript: URIs which are one of the few remaining XSS vectors for modern SPAs. Until then we can use….

RT @paradoxengine: Tsunami wants to be the best platform for scanning your AI infrastructure. Come join the party.

RT @GoogleVRP: Are you passionate about expanding the capabilities of the Tsunami network scanner, and would like to help keep AI infrastru….

RT @lancinimarco: ⚗️ localtoast. Localtoast is a scanner for running security-related configuration checks such as CIS benchmarks in an eas….

RT @FIRSTdotOrg: The CVSS Special Interest Group is proud to announce the official release of CVSS v4.0 - This la….

RT @lcamtuf: I'm not a fan of using SBOMs for vulnerability response. It can be argued that they are better than nothing - but I'm not so s….