Google has released OSV-SCALIBR, an open-source Go library for software composition analysis (SCA) and vulnerability scanning, capable of extracting software inventories, generating SBOMs, and identifying vulnerabilities across various platforms and programming languages. It will integrate into OSV-Scanner, enhancing features like installed package extraction, SBOM generation, and weak credentials scanning.

‍