Vanir#
Description#
Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. By default, Vanir pulls up-to-date CVEs from Open Source Vulnerabilities (OSV) together with their corresponding signatures so that users can transparently scan missing patches for an up-to-date list of CVEs. Check also https://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html.
Home page for this solution: google/vanir
Overview#
Key |
Value |
|---|---|
Name |
vanir |
Description |
Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. By default, Vanir pulls up-to-date CVEs from Open Source Vulnerabilities (OSV) together with their corresponding signatures so that users can transparently scan missing patches for an up-to-date list of CVEs. |
License |
BSD 3-Clause “New” or “Revised” License |
Programming Language |
Python |
Created |
2024-08-07 |
Last update |
2025-03-18 |
Github Stars |
324 |
Project Home Page |
|
Code Repository |
|
OpenSSF Scorecard |
Note:
Created date is date that repro is created on Github.com.
Last update is only the last date I run an automatic check.
Do not attach a wrong value to github stars. Its a vanity metric! Stars count are misleading and don’t indicate if the SBB is high-quality or very popular.