Skip to content

Update google/osv-scanner-action action to v2 #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dex4er merged 1 commit into from
Oct 6, 2025
Merged

Update google/osv-scanner-action action to v2 #70

dex4er merged 1 commit into from
Oct 6, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 24, 2025
edited
Loading

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

This PR contains the following updates:

Package Type Update Change
google/osv-scanner-action action major v1.9.2 -> v2.2.3

Release Notes

google/osv-scanner-action (google/osv-scanner-action)

v2.2.3

Compare Source

What's Changed

Full Changelog: google/osv-scanner-action@v2.2.2...v2.2.3

v2.2.2

Compare Source

This updates OSV-Scanner to v2.2.2.

What's Changed

Full Changelog: google/osv-scanner-action@v2.2.1...v2.2.2

v2.2.1

Compare Source

What's Changed

OSV-Scanner now supports all OSV-Scalibr features behind experimental flags (--experimental-plugins, see details here)!

Features:
Fixes:
  • Bug #​2141 Fix OSV-Scanner json scans not matching with correct ecosystem.
  • Bug #​2084 Show absolute paths when scanning containers.
  • Bug #​2126 Log and preserve package count before continuing on db error.
  • Bug #​2095 Pass through plugin capabilities correctly.
  • Bug #​2051 Properly flag if running on Linux or Mac OSs for plugin compatibility.
  • Bug #​2072 Add missing "text" property in description fields.
  • Bug #​2068 Change links in output to go to the specific vulnerability page instead of the list page.
  • Bug #​2064 Fix SARIF v3 output to include results.
  • Bug #​2151 Filter by ecosystem before querying.
API Changes:

[!WARNING]
This release was originally incorrectly pointing to the bugged v2.2.0 osv-scanner release, it has now been retagged to the correct v2.2.1 release.

v2.1.0

Compare Source

What's Changed

Full Changelog: google/osv-scanner-action@v2.0.3...v2.1.0

v2.0.3

Compare Source

Update to use osv-scanner v2.0.3

Notable changes:

  • There's now a flag --allow-no-lockfiles you can pass to osv-scanner to avoid getting an error when running against a repo with no lockfiles.
  • We no longer ignore general errors when they occur on osv-scanner-action, and will fail the workflow (e.g. invalid flags passed in)

v2.0.2

Compare Source

Update osv-scanner to v2.0.2

v2.0.1

Compare Source

What's Changed

Full Changelog: google/osv-scanner-action@v2.0.0...v2.0.1

v2.0.0

Compare Source

What's Changed
  • Updated to support OSV-Scanner V2
  • Workflows, add support for matrix strategies by @​GeoDerp in #​52
  • Support checking out submodules by @​faern in #​57
Breaking changes

By default, osv-scanner-action no longer scans the HEAD git hash. This means if there are no other lockfiles found to scan, then osv-scanner-action will fail the workflow, as it is likely it's setup incorrectly.

To match the previous behavior, pass --include-git-root to scan-args, e.g.

  osv-scan:
    uses: "google/osv-scanner-action/.github/workflows/[email protected]"
    with:
      scan-args: |-
        --include-git-root
        --recursive
        ./

Full Changelog: google/osv-scanner-action@v1.9.2...v2.0.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label Mar 24, 2025
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from 4b52c4d to 5a54429 Compare April 3, 2025 05:02
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from 5a54429 to e0b2b26 Compare May 5, 2025 02:21
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from e0b2b26 to a2ce2aa Compare June 16, 2025 13:09
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from a2ce2aa to f754231 Compare July 14, 2025 04:59
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch 2 times, most recently from 7499bba to 6b33740 Compare August 15, 2025 02:45
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from 6b33740 to 751d126 Compare August 27, 2025 05:02
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from 751d126 to 06df7f3 Compare October 1, 2025 21:27
@renovate renovate bot force-pushed the renovate/google-osv-scanner-action-2.x branch from 06df7f3 to 9ed393b Compare October 6, 2025 20:56
@dex4er dex4er merged commit 7761fb5 into main Oct 6, 2025
6 checks passed
@dex4er dex4er deleted the renovate/google-osv-scanner-action-2.x branch October 6, 2025 21:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dex4er