Projects
Overview of Anchore Open Source tools
Use Syft to generate your first SBOM from container images, directories, or archives.
Architecture and design of the Syft SBOM tool
Developer guidelines when contributing to Syft
Explore the different scan targets Syft supports including container images, OCI registries, directories, files, and archives.
Learn how to create a Software Bill of Materials (SBOM) for container images, filesystems, and archives using Syft.
Guidelines for developing & contributing to Anchore Open Source projects
Choose from multiple SBOM output formats including SPDX, CycloneDX, and Syft’s native JSON format.
Learn how to scan container images and filesystems for software licenses covering detection, compliance checking, and managing license obligations.
Learn how to work with Syft’s native JSON format including querying with jq, extracting metadata, and understanding the SBOM structure.
Configure which package catalogers Syft uses to discover software components including language-specific and file-based catalogers.
Verifying release assets after downloading
Control which files and directories Syft includes or excludes when generating SBOMs.
Create custom SBOM output formats using Go templates with available data fields to build tailored reports for specific tooling or compliance requirements.
Convert existing SBOMs between different formats including SPDX and CycloneDX using Syft’s experimental conversion capabilities.
Configure authentication for scanning container images from private registries using credentials, registry tokens, and credential helpers.
Generate cryptographically signed SBOM attestations using in-toto and Sigstore to create, verify, and attach attestations to container images for supply chain security.
Configuration patterns and options used across all Anchore OSS tools