CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Introduction
Syft is a powerful and easy-to-use open-source tool for generating Software Bill of Materials (SBOMs) for container images and filesystems. It provides detailed visibility into the packages and dependencies in your software, helping you manage vulnerabilities, license compliance, and software supply chain security.
Syft development is sponsored by Anchore, and is released under the Apache-2.0 License. For commercial support options with Syft or Grype, please contact Anchore.
Getting Started
To generate an SBOM for a container image:
syft <image>
The above output includes only software that is visible in the container (i.e., the squashed representation of the image). To include software from all image layers in the SBOM, regardless of its presence in the final image, provide --scope all-layers:
syft <image> --scope all-layers
Output Formats
The output format for Syft is configurable as well using the -o (or --output) option:
syft <image> -o <format>
Where the formats available are:
Note that flags using the @ can be used for earlier versions of each specification as well.
Supported Ecosystems
Documentation
Our wiki contains further details::
https://github.com/anchore/syft/wiki
For commercial support options with Syft or Grype, please contact Anchore
This prototype Syft snap is built using the configuration here: https://github.com/popey/syft-snap
Thank you for your report. Information you provided will help us investigate further.
There was an error while sending your report. Please try again later.
You are about to open
Do you wish to proceed?
Snaps are applications packaged with all their dependencies to run on all popular Linux distributions from a single build. They update automatically and roll back gracefully.
Snaps are discoverable and installable from the Snap Store, an app store with an audience of millions.
Snap can be installed from the command line on openSUSE Leap 15.x and Tumbleweed.
You need first add the snappy repository from the terminal. Leap 15.5 users, for example, can do this with the following command:
sudo zypper addrepo --refresh https://download.opensuse.org/repositories/system:/snappy/openSUSE_Leap_15.5 snappy
Swap out openSUSE_Leap_15.5 for openSUSE_Leap_15.4 or openSUSE_Tumbleweed if you’re using a different version of openSUSE.
With the repository added, import its GPG key:
sudo zypper --gpg-auto-import-keys refresh
Finally, upgrade the package cache to include the new snappy repository:
sudo zypper dup --from snappy
Snap can now be installed with the following:
sudo zypper install snapd
You then need to either reboot, logout/login or source /etc/profile to have /snap/bin added to PATH.
Additionally, enable and start both the snapd and the snapd.apparmor services with the following commands:
sudo systemctl enable --now snapd
sudo systemctl enable --now snapd.apparmor
To install Syft - SBOM Generator, simply use the following command:
sudo snap install syft --classic
Browse and find snaps from the convenience of your desktop using the snap store snap.
Interested to find out more about snaps? Want to publish your own application? Visit snapcraft.io now.