CDK vs Syft
GitHub Stats
About CDK
CDK (Container penetration toolkit) is an open-source tool designed for container environment penetration testing and exploitation. It's distributed as a single static binary with zero dependencies, making it easy to deploy inside target containers during red team engagements. CDK bundles three categories of functionality: evaluation (gathering container environment information, checking capabilities, and identifying potential escape vectors), exploitation (automated container escape using techniques like mounting host filesystems, exploiting Docker socket, abusing Linux capabilities, and leveraging kernel vulnerabilities), and tools (network scanning, file transfer, reverse shell, and other post-exploitation utilities). CDK is regularly updated with new escape techniques as they're discovered, making it the most comprehensive container escape toolkit available.
About Syft
Syft is a CLI tool and Go library from Anchore for generating a Software Bill of Materials (SBOM) from container images and filesystems. It catalogues all packages, libraries, and dependencies present in a container image or directory, producing structured output in SPDX, CycloneDX, or Syft's native JSON format. Syft supports package detection for Alpine (apk), Debian (dpkg), Red Hat (rpm), Python (pip/poetry/pipenv), JavaScript (npm/yarn), Java (Maven/Gradle), Go modules, Rust (Cargo), Ruby (Gems), .NET (NuGet), and many other package ecosystems. SBOMs are increasingly required for software supply chain security compliance, and Syft integrates with Grype (Anchore's vulnerability scanner) to check the generated SBOM against known vulnerability databases. This pairing provides a complete supply chain security workflow: know what you're running (Syft) and whether it's vulnerable (Grype).
Platform Support
Tags
CDK only
Syft only