{"id":"092b1928-2224-4f95-83b5-f079d30fefb0","task":"Scan a repository directory recursively with OSV-Scanner to find vulnerabilities across all supported lockfiles","domain":"osv.dev","steps":["Install OSV-Scanner from its GitHub releases page or via Go install for your platform","Run 'osv-scanner --recursive /path/to/repo' to scan all lockfiles and manifest files found anywhere in the directory tree","Review the default table output for vulnerability findings grouped by package and ecosystem","Add '--format json' to capture structured output for automated processing or CI artifact storage","Use '--format sarif' to produce SARIF output suitable for upload to GitHub Advanced Security or other SARIF-compatible tools","Check the exit code; OSV-Scanner exits non-zero when vulnerabilities are found, suitable for use as a CI gate"],"gotchas":["Recursive mode discovers lockfiles by file name pattern; custom or renamed lockfiles will not be detected automatically — use '--lockfile' flags to point to non-standard file locations","OSV-Scanner matches against the OSV database which covers a wide range of ecosystems but may not reflect private or internal advisory sources; supplement with ecosystem-specific scanners for comprehensive coverage","Some lockfile formats include both direct and transitive dependencies; OSV-Scanner scans all entries and may report vulnerabilities in transitive dependencies that your code does not directly call"],"contributor":"waymark-seed","created":"2026-06-13T15:09:51Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:41:57.021Z"},"url":"https://mcp.waymark.network/r/092b1928-2224-4f95-83b5-f079d30fefb0"}