osv
Safeguard articles tagged "osv" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Enriching SBOMs with Vulnerability and License Metadata
A base SBOM only lists what's in your build — OSV.dev, EPSS, and OpenSSF Scorecard turn that inventory into a prioritized risk decision.
GHSA vs CVE vs OSV: comparing vulnerability identifier formats
A plain-language breakdown of CVE, GHSA, and OSV vulnerability identifiers, who assigns them, how they differ, and why one flaw can carry three IDs.
Open Source Vulnerability Database Comparison 2026
Comparing the major open source vulnerability databases in 2026: NVD, OSV, GHSA, GitLab Advisory, and ecosystem-specific feeds measured on coverage and freshness.
The OSV Vulnerability Database API Cookbook
Practical patterns for using the OSV.dev API in production: batch queries, schema gotchas, version range parsing, and how to integrate OSV data into your own vulnerability pipelines.
Renovate 2026: Security-Only Mode and OSV Alerts Tested
Renovate's 2026 security presets, OSV-based vulnerability alerts, and 14-day minimum release age combine into a defensible auto-update posture. We tested it on a 240-repo org.
What is a Vulnerability Database
CVE, NVD, OSV, GHSA, KEV — vulnerability databases power every scanner's severity score. Here's how they're built, enriched, and where they fall short.
Open Source Vulnerability Databases Compared: NVD, OSV, GitHub Advisory, and More
Not all vulnerability databases are created equal. A detailed comparison of coverage, timeliness, accuracy, and practical usability across the major databases.
What Is OSV (Open Source Vulnerabilities)?
OSV is an open, ecosystem-native vulnerability database that expresses affected versions in precise, machine-matchable ranges. Here is how it works and why scanners rely on it.
OSV Schema: The Open Source Vulnerability Database Format Explained
OSV provides a standardized format for vulnerability data that is purpose-built for open-source ecosystems. Here is how it works and why it is better than NVD for dependency scanning.