Open Source Container Security

API-centric open source tools for container vulnerability scanning and SBOM generation


Open Source Tools for Container Security

Branding_Logo_Syft_Flat_Digital 1


Generate a comprehensive Software Bill of Materials (SBOM) with a CLI tool.

Gain visibility down to the file level

Automatically generate SBOMs in your CI/CD pipeline

Uncover direct and transitive dependencies

Output SBOMs in JSON, SPDX, and CycloneDX formats

Branding_Logo_Grype_Digital 1


Quickly scan and generate a list of known vulnerabilities from an SBOM, container image or project directory.

Scan OS and language-specific packages

Get optimized results across vulnerability sources

Automate scans in your CI/CD pipeline

Combine with Syft for faster scans

Get Up and Running in Minutes

Tutorials and documentation for easy implementation

Integration guides for the tools you use

Extend to the Enterprise

Combine Syft and Grype with Anchore Enterprise for the visibility and control you need to secure your software supply chain.

Enterprise_Overview 1

More on Open Source



Drop an SBOM: How to Secure Your Software Supply Chain Using Open Source Tools

In the past few years, the number of software supply chain attacks against companies has skyrocketed. The incessant threat is pushing organizations to start figuring out their own solutions to supply chain security. The recent...


Open source Meetup

Highlights From Anchore Open Source Meetup - September 2021

Hear developers and security practitioners  share their tips, tricks and lessons learned on securing containers. This session is focused on using open source tools, including Sigstore, Syft, and Grype to improve your software supply chain security.



Expanding Container Security: Announcing Anchore Engine 1.0 and the Role of Syft and Grype

Anchore Engine 1.0 includes a focused feature set for securing cloud-native development environments and also represents an update to Anchore's overall approach to delivering DevSecOps-focused open source tools.

Join the Anchore Community



Get the source code and contribute to the project.

The 3 shades of SecDevOps


Join our Slack channel and chat with community members.



Follow us on Twitter to stay up to date with new Anchore developments.