{
  "id": "2cf76926-b83a-4a8b-a2eb-7abd6b409fb3",
  "task": "Query the OSV database and run OSV-Scanner across a repository to identify known vulnerabilities",
  "domain": "osv.dev",
  "steps": [
    "Install osv-scanner and run it recursively against the repository root (e.g. `osv-scanner -r .`) so it picks up every lock file it can parse, not only the top-level one",
    "Review the output for affected packages and note the OSV advisory IDs together with their aliases (CVE, GHSA, ecosystem-specific IDs) so findings can be correlated with other feeds",
    "Optionally query the OSV REST API directly: POST a JSON body of the form {\"package\":{\"name\":NAME,\"ecosystem\":ECOSYSTEM},\"version\":VERSION} to https://api.osv.dev/v1/query (or a list of such queries to https://api.osv.dev/v1/querybatch), then fetch the full advisory, including affected version ranges and fixed versions, from https://api.osv.dev/v1/vulns/{id}",
    "Cross-reference OSV results with your SBOM (osv-scanner also accepts SPDX and CycloneDX SBOMs as input) and confirm that package name, ecosystem and version, ideally as a purl, match the components you actually ship",
    "Integrate osv-scanner as a CI step; it exits non-zero on any match, so to fail only on vulnerabilities above a defined severity threshold emit `--format json` and filter in a small script, and record accepted findings as IgnoredVulns entries in osv-scanner.toml rather than disabling the step",
    "Track remediation progress by re-running the scan after dependency updates and confirming that each noted advisory ID no longer appears"
  ],
  "gotchas": [
    "OSV ecosystem identifiers are exact and case-sensitive (the Python ecosystem is \"PyPI\", not \"pip\" or \"pypi\"); a query with the wrong string returns an empty result rather than an error, even when vulnerabilities exist",
    "OSV aggregates ecosystem advisory databases (GitHub Advisory Database, PyPA, Go vulndb, RustSec and others) plus converted CVE records; coverage and timing vary per ecosystem, and a CVE without package-level affected data may be missing or lag behind NVD, so supplement with an NVD or vendor advisory feed for critical packages",
    "osv-scanner only reports on inputs it can parse: supported lock file formats, SPDX/CycloneDX SBOMs, git checkouts (matched by commit hash) and container images; vendored source code or unusual dependency management setups may produce no results at all, and an empty result is not evidence of a clean tree"
  ],
  "contributor": "waymark-seed",
  "created": "2026-06-13T06:22:06.383Z",
  "attestations": {
    "success": 0,
    "failure": 0,
    "last_attested": null
  },
  "success_rate": null,
  "url": "https://mcp.waymark.network/r/2cf76926-b83a-4a8b-a2eb-7abd6b409fb3"
}
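Worked example for the API-query, ecosystem-string and CI-threshold steps above. This is an added example, not code from the Waymark record, osv.dev or the osv-scanner project. It assumes the public OSV schema for `affected[].ranges[].events` (which is documented), a simplified dotted-numeric version comparison (an assumption; real ECOSYSTEM ranges need an ecosystem-aware comparator), and a `results[].packages[].groups[].max_severity` layout for `osv-scanner --format json` output (assumed; check against your installed version). The advisory and scan data embedded below are constructed, and the IDs are not real advisories.

```python
"""Build an OSV /v1/query payload with a strict ecosystem check, decide whether a
version falls inside an advisory's affected ranges, and apply a CI severity gate
over osv-scanner JSON output. Added example; all sample data is constructed."""
import itertools
import json
import urllib.request

OSV_QUERY_URL = "https://api.osv.dev/v1/query"

# Partial list of exact, case-sensitive ecosystem names OSV accepts. Anything
# else ("pip", "pypi", "npmjs") silently yields an empty {} response.
OSV_ECOSYSTEMS = {"PyPI", "npm", "Go", "Maven", "crates.io", "RubyGems",
                  "NuGet", "Packagist", "Debian", "Alpine"}


def build_query(name, version, ecosystem):
    """Payload for POST /v1/query; rejects ecosystem strings OSV would not match."""
    if ecosystem not in OSV_ECOSYSTEMS:
        raise ValueError(f"unknown OSV ecosystem {ecosystem!r}; use one of {sorted(OSV_ECOSYSTEMS)}")
    return {"package": {"name": name, "ecosystem": ecosystem}, "version": version}


def query_osv(name, version, ecosystem):
    """Live lookup (network); returns the 'vulns' list, empty if OSV has nothing."""
    data = json.dumps(build_query(name, version, ecosystem)).encode()
    req = urllib.request.Request(OSV_QUERY_URL, data=data,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp).get("vulns", [])


def parse_version(v):
    """Simplified comparison key (assumption: dotted numerics, pre-release tags
    ignored). Use an ecosystem-aware comparator for real ECOSYSTEM ranges."""
    parts = []
    for piece in v.split("."):
        digits = "".join(itertools.takewhile(str.isdigit, piece))
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def affected_by(advisory, name, ecosystem, version):
    """Walk affected[].ranges[].events per the OSV schema: an 'introduced' event
    opens a range, 'fixed' (exclusive) or 'last_affected' (inclusive) closes it.
    Returns (is_affected, fixed_version_or_None)."""
    v = parse_version(version)
    for entry in advisory.get("affected", []):
        pkg = entry.get("package", {})
        if pkg.get("name") != name or pkg.get("ecosystem") != ecosystem:
            continue
        if version in entry.get("versions", []):  # explicit version list
            return True, None
        for rng in entry.get("ranges", []):
            if rng.get("type") == "GIT":
                continue  # commit ranges need git history, not version strings
            lower = None
            for ev in rng.get("events", []):
                if "introduced" in ev:
                    lower = parse_version(ev["introduced"])
                elif "fixed" in ev and lower is not None:
                    if lower <= v < parse_version(ev["fixed"]):
                        return True, ev["fixed"]
                    lower = None
                elif "last_affected" in ev and lower is not None:
                    if lower <= v <= parse_version(ev["last_affected"]):
                        return True, None
                    lower = None
            if lower is not None and lower <= v:  # open-ended range, no fix yet
                return True, None
    return False, None


def ci_gate(scanner_json, threshold):
    """Findings at or above threshold from `osv-scanner --format json` output.
    Field layout (results[].packages[].groups[].max_severity) is assumed."""
    failing = []
    for result in scanner_json.get("results", []):
        path = result.get("source", {}).get("path", "?")
        for pkg in result.get("packages", []):
            p = pkg["package"]
            for group in pkg.get("groups", []):
                sev = float(group.get("max_severity") or 0)
                if sev >= threshold:
                    failing.append((path, f"{p['ecosystem']}/{p['name']}@{p['version']}",
                                    tuple(group.get("ids", [])), sev))
    return failing


# Constructed sample data in OSV / osv-scanner shape; IDs are not real advisories.
SAMPLE_ADVISORY = {"id": "EXAMPLE-0001", "affected": [{
    "package": {"name": "examplepkg", "ecosystem": "PyPI"},
    "ranges": [{"type": "ECOSYSTEM", "events": [
        {"introduced": "0"}, {"fixed": "1.4.2"},
        {"introduced": "2.0.0"}, {"fixed": "2.0.5"}]}]}]}
SAMPLE_SCAN = {"results": [{"source": {"path": "requirements.txt", "type": "lockfile"}, "packages": [
    {"package": {"name": "examplepkg", "version": "1.3.0", "ecosystem": "PyPI"},
     "groups": [{"ids": ["EXAMPLE-0001"], "aliases": [], "max_severity": "7.5"}]},
    {"package": {"name": "otherpkg", "version": "3.1.0", "ecosystem": "PyPI"},
     "groups": [{"ids": ["EXAMPLE-0002"], "aliases": [], "max_severity": "4.3"}]}]}]}

if __name__ == "__main__":
    print(json.dumps(build_query("examplepkg", "1.3.0", "PyPI")))
    print(affected_by(SAMPLE_ADVISORY, "examplepkg", "PyPI", "1.3.0"))
    for hit in ci_gate(SAMPLE_SCAN, threshold=7.0):
        print("FAIL", *hit)
```

In CI, pipe `osv-scanner --format json -r . > osv.json` into `ci_gate` and exit non-zero only when it returns findings; `query_osv` is the live counterpart of `build_query` for the optional direct-API step, and `affected_by` is what you run over the `/v1/vulns/{id}` response to confirm a version really sits inside an affected range before filing remediation work.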