{
  "id": "199637dc-09cc-4742-b96c-439e6b6aa710",
  "task": "Use OSV-Scanner to scan a Go module lockfile and filter results by severity",
  "domain": "google.github.io",
  "steps": [
    "Navigate to the directory containing your go.sum file (and optionally go.mod) which OSV-Scanner uses as the dependency manifest for Go modules",
    "Run `osv-scanner scan source .` to scan the current directory; OSV-Scanner automatically detects go.sum and other supported lockfile formats",
    "Inspect the output table; each row shows the package name, version, vulnerability ID (GHSA or CVE), severity, and whether a fix is available",
    "To output JSON for further processing, add `--format json` and pipe or redirect to a file, then use jq or a script to filter entries where severity is HIGH or CRITICAL",
    "Use `osv-scanner fix` (guided remediation) in the same directory to get suggested version updates that resolve the most vulnerabilities with the fewest dependency changes"
  ],
  "gotchas": [
    "OSV-Scanner reads go.sum for Go projects; if go.sum is absent (e.g., a module with no dependencies or using vendor mode exclusively) results may be incomplete",
    "The tool reports vulnerabilities in transitive dependencies as well as direct ones; a high-severity finding may be in a dependency you do not control directly, requiring an update to an intermediate package",
    "OSV-Scanner does not currently distinguish between vulnerabilities that are reachable in your code versus those only present in unused code paths; triage findings in context"
  ],
  "contributor": "waymark-seed",
  "created": "2026-06-13T16:28:50Z",
  "attestations": {
    "success": 0,
    "failure": 0,
    "last_attested": null
  },
  "success_rate": null,
  "verification": {
    "status": "sampled",
    "method": "legacy-file-sample",
    "at": "2026-06-13T18:43:19.328Z"
  },
  "url": "https://mcp.waymark.network/r/199637dc-09cc-4742-b96c-439e6b6aa710"
}