adding osv-scanner

Author: alexcoderabbitai

docs/changelog.md

@@ -5,6 +5,14 @@ description: The latest updates and changes to CodeRabbit.
 sidebar_position: 13
 ---
 
+## August 14, 2025
+
+### OSV-Scanner Integration
+
+We've added support for [OSV-Scanner](https://github.com/google/osv-scanner), Google's vulnerability scanner that identifies security vulnerabilities in your project's dependencies and installed packages using the [OSV.dev](https://osv.dev) database.
+
+OSV-Scanner requires an `osv-scanner.toml` configuration file to run. See our [OSV-Scanner documentation](/tools/osv-scanner) for more details.
+
 ## August 4, 2025
 
 ### Model Context Protocol (MCP) Server Integration - Early Access

docs/tools/list.md

@@ -9,48 +9,48 @@ For more information about fine-tuning the CodeRabbit configuration of a tool, c
 
 For an overview of how CodeRabbit uses these tools when generating code reviews, as well as general information about controlling their use, see [Configure third-party tools](/tools/).
 
-| Technology | Tools | Category |
-| :-------------------------- | :--------------------------------------------------------- | :-------------------------------------------------- |
-| All |[Gitleaks][Gitleaks], [Pipeline Remediation][Pipeline]| Code Security, CI/CD |
-| Azure DevOps Pipelines |[Pipeline Remediation][Pipeline]| CI/CD Failure Remediation |
-| CircleCI |[CircleCI][CircleCI], [Pipeline Remediation][Pipeline]| Configuration Validation, CI/CD Failure Remediation |
-| CloudFormation |[Checkov][Checkov]| Code Security |
-| Cppcheck |[Cppcheck][Cppcheck]| Code Quality |
-| CSS |[Biome][Biome]| Code Quality |
-| Docker |[Hadolint][Hadolint], [Checkov][Checkov]| Code Quality, Code Security |
-| Environment Files (.env) |[Dotenv Linter][DotenvLinter]| Code Quality |
-| GitHub Actions |[actionlint][actionlint], [Pipeline Remediation][Pipeline]| Code Quality, CI/CD Failure Remediation |
-| GitLab Pipelines |[Pipeline Remediation][Pipeline]| CI/CD Failure Remediation |
-| Go |[golangci-lint][golangci-lint]| Code Quality |
-| Helm |[Checkov][Checkov]| Code Security |
-| HTML |[HTMLHint][HTMLHint]| Code Quality |
-| Javascript |[Biome][Biome], [oxlint][oxlint]| Code Quality |
-| JSON, JSONC |[Biome][Biome]| Code Quality |
-| JSX |[Biome][Biome], [oxlint][oxlint]| Code Quality |
-| Kotlin |[detekt][detekt]| Code Quality |
-| Kubernetes |[Checkov][Checkov]| Code Security |
-| Lua |[Luacheck][Luacheck]| Code Quality |
-| Makefile |[Checkmake][Checkmake]| Code Quality |
-| Markdown |[markdownlint][markdownlint], [LanguageTool][LanguageTool]| Code Quality, Grammar Checking |
-| PHP |[PHPStan][PHPStan], [PHPMD][PHPMD], [PHPCS][PHPCS]| Code Quality |
-| Plaintext |[LanguageTool][LanguageTool]| Grammar and Spell Checking |
-| Java |[PMD][PMD]| Code Quality |
-| Protobuf |[Buf][Buf]| Code Quality |
-| Python |[Ruff][Ruff], [Pylint][Pylint], [Flake8][Flake8]| Code Quality |
-| Jupyter Notebooks |[Ruff][Ruff], [Pylint][Pylint], [Flake8][Flake8]| Code Quality |
-| Regal |[Regal][Regal]| Code Quality |
-| Ruby |[RuboCop][RuboCop], [Brakeman][Brakeman]| Code Quality, Code Security |
-| Rust |[Clippy][Clippy]| Code Quality |
-| Semgrep |[Semgrep][Semgrep]| Code Security |
-| Shell (sh, bash, ksh, dash) |[ShellCheck][ShellCheck]| Code Quality |
-| Shopify |[Shopify CLI][ShopifyCLI]| Code Quality |
-| SQL |[SQLFluff][SQLFluff]| Code Quality |
-| Swift |[SwiftLint][SwiftLint]| Code Quality |
-| Terraform |[Checkov][Checkov]| Code Security |
-| TSX |[Biome][Biome], [oxlint][oxlint]| Code Quality |
-| Typescript |[Biome][Biome], [oxlint][oxlint]| Code Quality |
-| YAML |[YAMLlint][YAMLlint]| Code Quality |
-| Prisma |[Prisma Lint][PrismaLint]| Code Quality |
+| Technology | Tools | Category |
+| :-------------------------- | :--------------------------------------------------------------------------------| :-------------------------------------------------- |
+| All |[Gitleaks][Gitleaks], [OSV-Scanner][OSVScanner], [Pipeline Remediation][Pipeline]| Code Security, CI/CD |
+| Azure DevOps Pipelines |[Pipeline Remediation][Pipeline]| CI/CD Failure Remediation |
+| CircleCI |[CircleCI][CircleCI], [Pipeline Remediation][Pipeline]| Configuration Validation, CI/CD Failure Remediation |
+| CloudFormation |[Checkov][Checkov]| Code Security |
+| Cppcheck |[Cppcheck][Cppcheck]| Code Quality |
+| CSS |[Biome][Biome]| Code Quality |
+| Docker |[Hadolint][Hadolint], [Checkov][Checkov]| Code Quality, Code Security |
+| Environment Files (.env) |[Dotenv Linter][DotenvLinter]| Code Quality |
+| GitHub Actions |[actionlint][actionlint], [Pipeline Remediation][Pipeline]| Code Quality, CI/CD Failure Remediation |
+| GitLab Pipelines |[Pipeline Remediation][Pipeline]| CI/CD Failure Remediation |
+| Go |[golangci-lint][golangci-lint]| Code Quality |
+| Helm |[Checkov][Checkov]| Code Security |
+| HTML |[HTMLHint][HTMLHint]| Code Quality |
+| Javascript |[Biome][Biome], [oxlint][oxlint]| Code Quality |
+| JSON, JSONC |[Biome][Biome]| Code Quality |
+| JSX |[Biome][Biome], [oxlint][oxlint]| Code Quality |
+| Kotlin |[detekt][detekt]| Code Quality |
+| Kubernetes |[Checkov][Checkov]| Code Security |
+| Lua |[Luacheck][Luacheck]| Code Quality |
+| Makefile |[Checkmake][Checkmake]| Code Quality |
+| Markdown |[markdownlint][markdownlint], [LanguageTool][LanguageTool]| Code Quality, Grammar Checking |
+| PHP |[PHPStan][PHPStan], [PHPMD][PHPMD], [PHPCS][PHPCS]| Code Quality |
+| Plaintext |[LanguageTool][LanguageTool]| Grammar and Spell Checking |
+| Java |[PMD][PMD]| Code Quality |
+| Protobuf |[Buf][Buf]| Code Quality |
+| Python |[Ruff][Ruff], [Pylint][Pylint], [Flake8][Flake8]| Code Quality |
+| Jupyter Notebooks |[Ruff][Ruff], [Pylint][Pylint], [Flake8][Flake8]| Code Quality |
+| Regal |[Regal][Regal]| Code Quality |
+| Ruby |[RuboCop][RuboCop], [Brakeman][Brakeman]| Code Quality, Code Security |
+| Rust |[Clippy][Clippy]| Code Quality |
+| Semgrep |[Semgrep][Semgrep]| Code Security |
+| Shell (sh, bash, ksh, dash) |[ShellCheck][ShellCheck]| Code Quality |
+| Shopify |[Shopify CLI][ShopifyCLI]| Code Quality |
+| SQL |[SQLFluff][SQLFluff]| Code Quality |
+| Swift |[SwiftLint][SwiftLint]| Code Quality |
+| Terraform |[Checkov][Checkov]| Code Security |
+| TSX |[Biome][Biome], [oxlint][oxlint]| Code Quality |
+| Typescript |[Biome][Biome], [oxlint][oxlint]| Code Quality |
+| YAML |[YAMLlint][YAMLlint]| Code Quality |
+| Prisma |[Prisma Lint][PrismaLint]| Code Quality |
 
 [ShellCheck]: /tools/shellcheck.md
 [SQLFluff]: /tools/sqlfluff.md
@@ -88,3 +88,4 @@ For an overview of how CodeRabbit uses these tools when generating code reviews,
 [PHPMD]: /tools/phpmd.md
 [PHPCS]: /tools/phpcs.md
 [Flake8]: /tools/flake8.md
+[OSVScanner]: /tools/osv-scanner.md

docs/tools/osv-scanner.md

@@ -0,0 +1,29 @@
+---
+title: OSV-Scanner
+sidebar_label: OSV-Scanner
+description: CodeRabbit's guide to OSV-Scanner.
+---
+
+```mdx-code-block
+import ProPlanNotice from '@site/src/components/ProPlanNotice.mdx'
+
+<ProPlanNotice />
+```
+
+[OSV-Scanner](https://github.com/google/osv-scanner) is Google's vulnerability scanner that identifies vulnerabilities in your project's dependencies using the [OSV.dev](https://osv.dev) database.
+
+## Configuration
+
+OSV-Scanner requires an `osv-scanner.toml` configuration file to run.
+
+:::note
+
+CodeRabbit will only run OSV-Scanner if your repository contains an `osv-scanner.toml` configuration file.
+
+:::
+
+## Links
+
+-[OSV-Scanner GitHub Repository](https://github.com/google/osv-scanner)
+-[OSV-Scanner Documentation](https://google.github.io/osv-scanner/)
+-[OSV.dev Database](https://osv.dev)