CLI tool and library for generating a Software Bill of Materials from container images and filesystems. syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype. Generates SBOMs for container images, filesystems, archives, and more to discover packages and libraries. Supports OCI, Docker and Singularity image formats. Linux distribution identification. Works seamlessly with Grype (a fast, modern vulnerability scanner). Able to create signed SBOM attestations using the in-toto specification. Convert between SBOM formats, such as CycloneDX, SPDX, and Syft's own format.

Features

  • Works seamlessly with Grype (a fast, modern vulnerability scanner)
  • Able to create signed SBOM attestations using the in-toto specification
  • Convert between SBOM formats, such as CycloneDX, SPDX, and Syft's own format.
  • Linux distribution identification
  • Generates SBOMs for container images, filesystems, archives, and more to discover packages and libraries
  • Supports OCI, Docker and Singularity image formats

Project Samples

Project Activity

See All Activity >

License

Apache License V2.0

Follow syft

syft Web Site

Other Useful Business Software
Compliant and Reliable File Transfers Backed by Top Security Certifications Icon
Compliant and Reliable File Transfers Backed by Top Security Certifications

Cerberus FTP Server delivers SOC 2 Type II certified security and FIPS 140-2 validated encryption.

Stop relying on non-certified, legacy file transfer tools that creak under the weight of modern security demands. Get full audit trails, advanced access controls and more supported by an award-winning team of experts. Start your free 25-day trial today.
Start Free Trial
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of syft!

Additional Project Details

Operating Systems

Linux, Mac, Windows

Programming Language

Go

Related Categories

Go Terminals, Go Vulnerability Scanners

Registered

2023-01-13