syft

Generate Software Bill of Materials (SBOM) from container images and filesystems

Security linuxmacoswindows Go Apache-2.0

Description

Syft is a CLI tool and library for generating a Software Bill of Materials (SBOM) from container images and filesystems. It supports multiple output formats and package managers.

AI Summary

Generate SBOMs from container images and filesystems for supply chain security

Capabilities

+ Generate SBOMs from containers
+ Scan filesystems for packages
+ Multiple output formats (SPDX, CycloneDX)
+ Wide package manager support

Use When

→ When you need to generate SBOMs
→ When auditing software supply chains

Avoid When

x When you need vulnerability scanning (use grype)

Related Tools

grype complementary

grant complementary

quill complementary

View AGENTS.md for syft