Syft

Supported Standards

CycloneDX, SPDX, Syft

Overview

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Features

Generates SBOMs for container images, filesystems, archives, and more to discover packages and libraries
Supports OCI and Docker image formats
Linux distribution identification
Works seamlessly with Grype (a fast, modern vulnerability scanner)
Able to create signed SBOM attestations using the in-toto specification

Caveats