CLI tool and library for generating a Software Bill of Materials from container images and filesystems. syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype. Generates SBOMs for container images, filesystems, archives, and more to discover packages and libraries. Supports OCI, Docker and Singularity image formats. Linux distribution identification. Works seamlessly with Grype (a fast, modern vulnerability scanner). Able to create signed SBOM attestations using the in-toto specification. Convert between SBOM formats, such as CycloneDX, SPDX, and Syft's own format.
Features
- Works seamlessly with Grype (a fast, modern vulnerability scanner)
- Able to create signed SBOM attestations using the in-toto specification
- Convert between SBOM formats, such as CycloneDX, SPDX, and Syft's own format.
- Linux distribution identification
- Generates SBOMs for container images, filesystems, archives, and more to discover packages and libraries
- Supports OCI, Docker and Singularity image formats
Project Samples
License
Apache License V2.0Follow syft
You Might Also Like
Monitor your whole IT Infrastructure
Caters to tech staff, system Administrators, and companies of any size, from small and medium sized businesses to enterprises that need their IT network to be reliable and easy to monitor in real-time. Equipped with an easy-to-use, intuitive interface with a cutting-edge monitoring engine. PRTG optimizes connections and workloads as well as reducing operational costs by avoiding outages while saving time and controlling service level agreements (SLAs).
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of syft!