Google roll out open-source security scanning tool OSV-Scanner

The OSV-Scanner offers an officially supported frontend to this OSV database, which links the list of dependencies for a project with the vulnerabilities that affect them.

The OpenSSF Scorecard Vulnerabilities Check appears to have integrated OSV-Scanner, which implies it will be able to expand the analysis beyond just a project’s direct vulnerabilities to include vulnerabilities in all of its dependencies.