syft

Generate Software Bill of Materials (SBOM) from container images and filesystems

Security | linux, macos, windows | Go | Apache-2.0

Description

Syft is a CLI tool and library for generating a Software Bill of Materials (SBOM) from container images and filesystems. It supports multiple output formats and package managers.

When to use this tool

Good fit when
  • You need to generate SBOMs
  • You are auditing software supply chains
Avoid when
  • You need vulnerability scanning (use grype)

AI Summary

Generate SBOMs from container images and filesystems for supply chain security

Capabilities

  • Generate SBOMs from containers
  • Scan filesystems for packages
  • Multiple output formats (SPDX, CycloneDX)
  • Wide package manager support
