This workflow action uses OSV Scanner, an open source vulnerability
scanner by Google. We're using OSV Scanner because it has:
* good usability - JSON output and multiple options
* good accuracy - OSV database from google and support
for multiple languages including PHP