Open Source Container Security
API-centric open source tools for container vulnerability scanning and SBOM generation
Open Source Tools for Container Security
Syft
Generate a comprehensive Software Bill of Materials (SBOM) with a CLI tool.
Gain visibility down to the file level
Automatically generate SBOMs in your CI/CD pipeline
Uncover direct and transitive dependencies
Output SBOMs in JSON, SPDX, and CycloneDX formats
Star on GitHub
Grype
Quickly scan and generate a list of known vulnerabilities from an SBOM, container image or project directory.
Scan OS and language-specific packages
Get optimized results across vulnerability sources
Automate scans in your CI/CD pipeline
Combine with Syft for faster scans
Get Up and Running in Minutes
Tutorials and documentation for easy implementation
Integration guides for the tools you use
Extend to the Enterprise
Combine Syft and Grype with Anchore Enterprise for the visibility and control you need to secure your software supply chain.
More on Open Source
Blog
Drop an SBOM: How to Secure Your Software Supply Chain Using Open Source Tools
In the past few years, the number of software supply chain attacks against companies has skyrocketed. The incessant threat is pushing organizations to start figuring out their own solutions to supply chain security. The recent...
Open source Meetup
Highlights From Anchore Open Source Meetup - September 2021
Hear developers and security practitioners share their tips, tricks and lessons learned on securing containers. This session is focused on using open source tools, including Sigstore, Syft, and Grype to improve your software supply chain security.
Blog
Expanding Container Security: Announcing Anchore Engine 1.0 and the Role of Syft and Grype
Anchore Engine 1.0 includes a focused feature set for securing cloud-native development environments and also represents an update to Anchore's overall approach to delivering DevSecOps-focused open source tools.
