osv
osv - Open Source Vulnerabilities Scanner
The osv module provides an interface for the OSV project, enabling users to scan local projects, identify vulnerable dependencies, and retrieve detailed vulnerability information.
When to Activate
- When the user wants to perform a security audit on their project dependencies (npm, pip, etc.).
- When querying detailed information for a specific vulnerability ID (e.g., osv-2020-111).
- When generating security reports in the SARIF format for integration with CI/CD pipelines.
- When searching for vulnerabilities related to specific software packages and versions.
Core Principles & Rules
- Comprehensive Scanning: Use sarif to generate standardized security reports.
- Ecosystem Aware: Supports multiple ecosystems including npm, pypi, and more.
- Search Integration: Uses AI or DuckDuckGo to summarize vulnerability details from the web.
Patterns & Examples
Full Project Scan
# Scan dependencies and generate a SARIF report
x osv sarif
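A CI gate over a SARIF report, as an added example (not part of x-cmd or the original page). It assumes the scan's report has been saved to a file and follows the standard SARIF 2.1.0 layout; the sample report, its rule IDs and file paths are constructed placeholders.

```python
import json
import sys

# Constructed SARIF 2.1.0 sample; IDs and paths are placeholders, not real findings.
SAMPLE = json.loads("""
{"version": "2.1.0", "runs": [{
  "tool": {"driver": {"name": "example-scanner", "rules": [
    {"id": "EXAMPLE-0001", "defaultConfiguration": {"level": "error"}},
    {"id": "EXAMPLE-0002"}]}},
  "results": [
    {"ruleId": "EXAMPLE-0001", "ruleIndex": 0, "message": {"text": "constructed"},
     "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}}}]},
    {"ruleId": "EXAMPLE-0002", "message": {"text": "constructed"}},
    {"ruleId": "EXAMPLE-0002", "level": "note", "message": {"text": "constructed"}}]}]}
""")

SEVERITY = {"none": 0, "note": 1, "warning": 2, "error": 3}

def effective_level(result, rules):
    # SARIF: an explicit result.level wins, then the rule's defaultConfiguration.level,
    # then "warning". Simplified: ignores result.kind and per-invocation overrides.
    if "level" in result:
        return result["level"]
    idx = result.get("ruleIndex", -1)
    if 0 <= idx < len(rules):
        rule = rules[idx]
    else:
        rule = next((r for r in rules if r.get("id") == result.get("ruleId")), None)
    return (rule or {}).get("defaultConfiguration", {}).get("level", "warning")

def findings(sarif):
    """Flatten every run into (level, ruleId, file) tuples."""
    out = []
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for res in run.get("results") or []:  # "results" may be null or absent
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "?")
            out.append((effective_level(res, rules), res.get("ruleId", "?"), uri))
    return out

def gate(sarif, fail_at="warning"):
    # Returns (exit_code, blocking findings); unknown levels are treated as "warning".
    blocking = [f for f in findings(sarif) if SEVERITY.get(f[0], 2) >= SEVERITY[fail_at]]
    return (1 if blocking else 0), blocking

if __name__ == "__main__":
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    code, blocking = gate(report)
    for level, rule_id, uri in blocking:
        print(f"{level}: {rule_id} in {uri}")
    sys.exit(code)
```

Run it with the report path as the only argument; a non-zero exit status fails the pipeline step.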
Specific Vulnerability Query
# Get details for a specific vulnerability ID
x osv vuln OSV-2020-111
Check Software Version
# Query vulnerabilities for a specific version of a package
x osv q -p jq -v 1.7.1
Checklist
- Confirm if the user needs a full scan or info on a specific ID.
- Verify the target project directory or package name.
- Ensure the correct ecosystem (pip, npm) is identified if using granular subcommands.