ngmi / google / osv-scanner

google/osv-scanner

Go 8.5k stars

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

⟳ Syncing… Share on X →
README badge: [![ngmi](https://ngmi.review/badge/google/osv-scanner.svg)](https://ngmi.review/repo/google/osv-scanner)
1.8k Merged PRs
4 days Avg Merge Time
0m Fastest PR
6 months Slowest PR
#1173 Global Speed Rank
Trim top 0% outliers

Trends Over Time

Monthly aggregates for this repo. The gap between avg and median reveals outlier skew.

PR size over time (lines changed)
Review time over time (hrs)
Changes requested rate over time (%)
Merged PRs per month
Time to first review (hrs)
Unreviewed merge rate (%)

PR Size Analysis

Lines changed (additions + deletions) vs review outcomes.

PRs by size
Avg review time (hrs)
Clean approval rate (%)

Top Reviewers

#1
@another-rex
1392 reviews ✓ 884 approved ↺ 9 blocked
#2 @cuixq
@cuixq
665 reviews ✓ 498 approved
#3 @oliverchang
@oliverchang
545 reviews ✓ 347 approved ↺ 3 blocked
#4 @G-Rath
@G-Rath
524 reviews ✓ 185 approved ↺ 31 blocked
#5 @hogo6002
@hogo6002
351 reviews ✓ 214 approved
#6 @michaelkedar
@michaelkedar
282 reviews ✓ 144 approved ↺ 1 blocked
#7
@hayleycd
90 reviews ✓ 17 approved ↺ 4 blocked
#8
@josieang
57 reviews ✓ 7 approved
#9
@andrewpollock
46 reviews ✓ 36 approved
#10 @jess-lowe
@jess-lowe
34 reviews ✓ 27 approved

Recent Merged PRs

# Title Author Time Reviews Blocks
#2546 test: update snapshots @osv-robot 10m 2
#2526 refactor: use `RequiredPlugins` to decide if transitive enrichers should be enabled @G-Rath 5 days 9
#2539 docs: fix Dockerfile ruby version and cleanup bundle configuration @cuixq 2 days 1
#2532 feat: update osv-scalibr @osv-robot 4 days 1
#2536 build(deps-dev): bump nokogiri from 1.18.10 to 1.19.1 in /docs in the bundler group across 1 directory @dependabot 3 days 1
#2544 test: use a fixed length name for temp directories @G-Rath 1.7h 3
#2545 feat: pass the same config with user agent to all plugins @G-Rath 28m 2
#2535 test: update snapshots @osv-robot 3 days 1
#2543 ci: allow snapshots workflow to record new cassette interactions @G-Rath 1.7h 3
#2131 feat: Add the main file for determine package reachability level of Python project @p1gc0rn 6 months 30
#2466 feat: replace `pomxmlenhanceable` extractor with transitive enricher @G-Rath 1 month 9
#2533 test: update snapshots @osv-robot 3.5h 1
#2523 refactor: update linter to v2.8 and do a bunch more pre-allocating @G-Rath 10.0h 2
#2518 feat: update osv-scalibr @osv-robot 4 days 2
#2527 ci: rename "pr title check" workflow and job @G-Rath 4.4h 1
#2528 ci: use the latest image artifacts available @G-Rath 4.0h 2
#2524 refactor: use `fmt.Fprintf` rather than `WriteString` + `Sprintf` @G-Rath 5.1h 3
#2529 test: update snapshots @osv-robot 2.2h 3
#2520 chore: Migrate gsutil usage to gcloud storage @gurusai-voleti 1 day 1
#2525 test: update snapshots @osv-robot 10m 1