Join us

ContentUpdates and recent posts about Syft..
 Activity
devopslinks
@devopslinks added a new tool Syft , 48 minutes ago.
Course
eon01
@eon01 published a course, an hour ago
Founder, FAUN.dev

DevSecOps in Practice

#AppSec  #DevOps  #DevSecO...  #SecDevO...  #Securit... 
TruffleHog Flask NeuVector detect-secrets pre-commit OWASP Dependency-Check Docker checkov Bandit Hadolint Grype KubeLinter Syft GitLab CI/CD Trivy Kubernetes

A Hands-On Guide to Operationalizing DevSecOps at Scale

DevSecOps in Practice
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email

|

Sell your course on FAUN.dev
Syft, created by Anchore, is an open source Software Bill of Materials (SBOM) generator that analyzes container images, filesystems, repositories, and archives. It produces SBOMs in multiple standards, including SPDX, CycloneDX, and Syft's own JSON format. Syft identifies packages across ecosystems like Debian, Alpine, Python, Java, Ruby, Node.js, and Go. It integrates seamlessly with CI/CD pipelines, supports reproducible builds, and works alongside Grype for vulnerability scanning. Organizations rely on Syft to improve software supply chain transparency, meet compliance requirements, and enable automated security workflows.