Syft
Open-source SBOM generator for containers and filesystems
Syft is an open-source software bill of materials (SBOM) generator from Anchore that creates detailed inventories of packages, libraries, and dependencies in container images and filesystems. It generates SBOMs in industry-standard formats (SPDX, CycloneDX) required by US government executive orders and enterprise procurement policies. Syft works alongside Grype for vulnerability scanning—first generate the SBOM with Syft, then scan it with Grype to find CVEs.
Key Features
- ✓ SBOM generation
- ✓ SPDX/CycloneDX output
- ✓ Container image support
- ✓ Filesystem scanning
- ✓ NIST compliance
- ✓ Open source
Quick Info
- Category: Security
- Pricing: Free