Deepce vs Syft
GitHub Stats
About Deepce
Deepce (Docker Enumeration, Escalation of Privileges, and Container Escapes) is a tool designed to help identify vulnerable Docker installations and find potential container escape routes. Written as a portable shell script with no dependencies, it runs inside Docker containers to assess the security posture from the inside out. Deepce checks for dangerous capabilities (SYS_ADMIN, SYS_PTRACE, DAC_READ_SEARCH), mounted Docker sockets, writable host mounts, misconfigured namespaces, and known kernel vulnerabilities that enable container escapes. It also fingerprints the container environment, identifies the container runtime (Docker, Podman, LXC), checks network configuration, and enumerates neighboring containers. Its zero-dependency design makes it ideal for quick assessments during penetration tests where you land inside a container and need to assess your options.
About Syft
Syft is a CLI tool and Go library from Anchore for generating a Software Bill of Materials (SBOM) from container images and filesystems. It catalogues all packages, libraries, and dependencies present in a container image or directory, producing structured output in SPDX, CycloneDX, or Syft's native JSON format. Syft supports package detection for Alpine (apk), Debian (dpkg), Red Hat (rpm), Python (pip/poetry/pipenv), JavaScript (npm/yarn), Java (Maven/Gradle), Go modules, Rust (Cargo), Ruby (Gems), .NET (NuGet), and many other package ecosystems. SBOMs are increasingly required for software supply chain security compliance, and Syft integrates with Grype (Anchore's vulnerability scanner) to check the generated SBOM against known vulnerability databases. This pairing provides a complete supply chain security workflow: know what you're running (Syft) and whether it's vulnerable (Grype).
Platform Support
Tags
Deepce only
Syft only