Syft
Apache-2.0 · Container Security · Go
Syft is a CLI tool and Go library from Anchore for generating a Software Bill of Materials (SBOM) from container images, filesystems, and archives. It catalogues the packages, libraries, and dependencies it finds in an image or directory and writes structured output in SPDX, CycloneDX, or Syft's native JSON format (a human-readable table is also available). Syft reads OS package databases such as Alpine (apk), Debian (dpkg), and Red Hat (rpm), and language ecosystem manifests and metadata including Python (pip/poetry/pipenv), JavaScript (npm/yarn), Java (Maven/Gradle), Go modules, Rust (Cargo), Ruby (Gems), .NET (NuGet), and many others. Like any metadata-driven SBOM tool, it reports what package databases and manifests declare; software copied into an image outside a package manager can be missed unless one of Syft's binary catalogers recognises it. SBOMs are increasingly required for software supply chain security compliance, and the SBOM Syft produces can be fed to Grype (Anchore's vulnerability scanner), which matches the listed packages against known vulnerability databases. Together they cover the supply chain security workflow: know what you are running (Syft) and whether it is vulnerable (Grype).
Installation
brew (macOS)
$ brew install syft
curl
$ curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
Go
$ go install github.com/anchore/syft/cmd/syft@latest
Use Cases
- Generating Software Bill of Materials for container images before deployment
- Cataloguing all packages and dependencies in production container images
- Meeting supply chain security compliance requirements with SPDX/CycloneDX output
- Pairing with Grype to scan SBOMs for known vulnerabilities
- Integrating SBOM generation into CI/CD pipelines for continuous visibility
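The script below is an added example for this page, not code from Syft or Anchore. It shows what a CI step typically does with the SBOM once Syft has written it in its native JSON format: count packages per ecosystem, diff two builds to surface added, removed and version-changed packages, and fail on packages whose declared licence is on a policy denylist. The two SBOM documents are constructed and trimmed to the fields the script reads (the top-level `artifacts` list with `name`, `version`, `type`, `purl`, `licenses` and `locations`); real Syft output carries many more fields. The denylist and the `sbom_gate.py` file name are hypothetical.

```python
"""Post-process Syft-native JSON SBOMs: summarise, diff two builds, check licences.

Added example for this page, not code from Syft or Anchore.  It relies only on
fields of Syft's `syft-json` output: a top-level `artifacts` list whose entries
carry `name`, `version`, `type`, `purl`, `licenses` and `locations`.
"""
import json
import sys
from collections import Counter
from pathlib import Path

# Constructed sample SBOMs, trimmed to the fields used below; they stand in for
# two successive builds of the same image.
SBOM_BUILD_1 = json.dumps({
    "artifacts": [
        {"name": "busybox", "version": "1.36.1-r15", "type": "apk",
         "purl": "pkg:apk/alpine/busybox@1.36.1-r15?arch=x86_64",
         "licenses": [{"value": "GPL-2.0-only", "type": "declared"}],
         "locations": [{"path": "/lib/apk/db/installed", "layerID": "sha256:aaaa"}]},
        {"name": "openssl", "version": "3.1.4-r5", "type": "apk",
         "purl": "pkg:apk/alpine/openssl@3.1.4-r5?arch=x86_64",
         "licenses": [{"value": "Apache-2.0", "type": "declared"}],
         "locations": [{"path": "/lib/apk/db/installed", "layerID": "sha256:aaaa"}]},
        {"name": "requests", "version": "2.31.0", "type": "python",
         "purl": "pkg:pypi/requests@2.31.0",
         "licenses": ["Apache-2.0"],  # older Syft schema versions emit plain strings
         "locations": [{"path": "/usr/lib/python3.11/site-packages/requests-2.31.0.dist-info/METADATA",
                        "layerID": "sha256:bbbb"}]},
    ],
    "source": {"type": "image", "name": "example/app", "version": "build-1"},
    "descriptor": {"name": "syft", "version": "1.0.0"},
})

SBOM_BUILD_2 = json.dumps({
    "artifacts": [
        {"name": "busybox", "version": "1.36.1-r15", "type": "apk",
         "purl": "pkg:apk/alpine/busybox@1.36.1-r15?arch=x86_64",
         "licenses": [{"value": "GPL-2.0-only", "type": "declared"}],
         "locations": [{"path": "/lib/apk/db/installed", "layerID": "sha256:cccc"}]},
        {"name": "openssl", "version": "3.1.5-r0", "type": "apk",
         "purl": "pkg:apk/alpine/openssl@3.1.5-r0?arch=x86_64",
         "licenses": [{"value": "Apache-2.0", "type": "declared"}],
         "locations": [{"path": "/lib/apk/db/installed", "layerID": "sha256:cccc"}]},
        {"name": "urllib3", "version": "2.2.1", "type": "python",
         "purl": "pkg:pypi/urllib3@2.2.1",
         "licenses": [{"value": "MIT", "type": "declared"}],
         "locations": [{"path": "/usr/lib/python3.11/site-packages/urllib3-2.2.1.dist-info/METADATA",
                        "layerID": "sha256:dddd"}]},
    ],
    "source": {"type": "image", "name": "example/app", "version": "build-2"},
    "descriptor": {"name": "syft", "version": "1.0.0"},
})


def _license_names(entries):
    """Normalise `licenses`: newer Syft emits objects, older releases emit strings."""
    names = set()
    for entry in entries:
        if isinstance(entry, str):
            names.add(entry)
        elif isinstance(entry, dict):
            names.add(entry.get("spdxExpression") or entry.get("value") or "")
    return sorted(n for n in names if n)


def load_packages(sbom_text):
    """Index a Syft JSON document by (type, name).

    The same package can legitimately appear more than once (two copies of a
    jar in different layers, say), so versions and locations are accumulated.
    """
    doc = json.loads(sbom_text)
    packages = {}
    for art in doc.get("artifacts", []):
        key = (art.get("type", ""), art.get("name", ""))
        info = packages.setdefault(key, {"versions": set(), "purls": set(),
                                         "licenses": set(), "paths": set()})
        info["versions"].add(art.get("version", ""))
        if art.get("purl"):
            info["purls"].add(art["purl"])
        info["licenses"].update(_license_names(art.get("licenses", [])))
        info["paths"].update(loc.get("path", "") for loc in art.get("locations", []))
    return packages


def summarize(packages):
    """Package count per ecosystem, e.g. {'apk': 2, 'python': 1}."""
    return dict(Counter(pkg_type for pkg_type, _ in packages))


def diff_packages(old, new):
    """Added, removed and version-changed packages between two builds."""
    added = sorted(k for k in new if k not in old)
    removed = sorted(k for k in old if k not in new)
    changed = sorted((k, sorted(old[k]["versions"]), sorted(new[k]["versions"]))
                     for k in old.keys() & new.keys()
                     if old[k]["versions"] != new[k]["versions"])
    return {"added": added, "removed": removed, "changed": changed}


def denied_licenses(packages, denylist):
    """(package, licence) pairs whose declared licence is on the denylist."""
    return sorted((k, lic) for k, info in packages.items()
                  for lic in info["licenses"] if lic in denylist)


def main(argv):
    """`sbom_gate.py OLD.json NEW.json`; with no arguments the constructed samples are used."""
    if len(argv) == 3:
        old = load_packages(Path(argv[1]).read_text(encoding="utf-8"))
        new = load_packages(Path(argv[2]).read_text(encoding="utf-8"))
    else:
        old, new = load_packages(SBOM_BUILD_1), load_packages(SBOM_BUILD_2)
    print("per-ecosystem counts:", summarize(new))
    for kind, items in diff_packages(old, new).items():
        for item in items:
            print(f"{kind}: {item}")
    denied = denied_licenses(new, {"AGPL-3.0-only", "SSPL-1.0"})  # hypothetical policy
    for (pkg_type, name), lic in denied:
        print(f"DENIED LICENCE: {pkg_type}/{name} is {lic}")
    return 1 if denied else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Real input comes from `syft scan <image> -o syft-json=sbom.json` (Syft 1.x syntax; older releases accept `syft <image> -o json`), one file per build; for the vulnerability half of the workflow, the same file goes to Grype with `grype sbom:./sbom.json --fail-on high`. Keying on (type, name) rather than on the full purl is deliberate: it keeps a version bump visible as a change instead of an unrelated add/remove pair.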
Details
- Category
- ๐ฆ Container Security
- Language
- Go
- Repository
- anchore/syft
- License
- Apache-2.0
- Platforms
- linux, macos, windows
Alternatives & Comparisons
Trivy
Go · Comprehensive vulnerability scanner for containers, filesystems, git repos, and Kubernetes with SBOM generation.
Compare Syft vs Trivy
Grype
Go · Vulnerability scanner for container images and filesystems that matches installed packages against known CVEs.
Compare Syft vs Grype
Falco
C++ · Cloud-native runtime security. Detects threats in containers, Kubernetes, and Linux hosts using system call monitoring and custom rules.
Compare Syft vs Falco
kube-hunter
Python · Kubernetes penetration testing tool. Hunts for security weaknesses in Kubernetes clusters from inside or outside the network.
Compare Syft vs kube-hunter
CDK
Go · Container escape and exploitation toolkit. Zero-dependency binary for container pentesting with escape exploits and post-exploitation tools.
Compare Syft vs CDK
More in Container Security
Falco
C++ · Cloud-native runtime security. Detects threats in containers, Kubernetes, and Linux hosts using system call monitoring and custom rules.
kube-hunter
Python · Kubernetes penetration testing tool. Hunts for security weaknesses in Kubernetes clusters from inside or outside the network.
CDK
Go · Container escape and exploitation toolkit. Zero-dependency binary for container pentesting with escape exploits and post-exploitation tools.
Deepce
Shell · Docker enumeration and privilege escalation. Discover Docker containers, check for misconfigurations, and find escape paths.
Dockle
Go · Container image linter. Checks Docker images for security best practices, CIS benchmarks, and Dockerfile misconfigurations.