A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype.

- Generates SBOMs for container images, filesystems, archives, and more to discover packages and libraries.
- Supports OCI, Docker and Singularity image formats.
- Works seamlessly with Grype (a fast, modern vulnerability scanner).
- Able to create signed SBOM attestations using the in-toto specification.
- Convert between SBOM formats, such as CycloneDX, SPDX, and Syft's own format.

Python (wheel, egg, poetry, requirements.txt).

Note: Currently, Syft is built only for Linux, macOS and Windows.

- docker:yourrepo/yourimage:tag - use images from the Docker daemon
- docker-archive:path/to/yourimage.tar - use a tarball from disk for archives created from "docker save"
- podman:yourrepo/yourimage:tag - use images from the Podman daemon
- oci-archive:path/to/yourimage.tar - use a tarball from disk for OCI archives (from Skopeo or otherwise)
- oci-dir:path/to/yourimage - read directly from a path on disk for OCI layout directories (from Skopeo or otherwise)

Agenda: (join this group for write access)

For commercial support options with Syft or Grype, please contact Anchore.