Syft and Grype for SBOM management
from pylapp@programming.dev to programming@programming.dev on 30 May 2025 15:45
https://programming.dev/post/31312717
With the arrival of the Cyber Resilience Act it can be helpful to generate a Software Bill of Materials (SBOM), and to process others to look for known vulnerabilities.
Two open source tools under Apache 2.0 license:
- Syft, for SBOM generation: github.com/anchore/syft
- Grype, to then process the SBOM: github.com/anchore/grype
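As an added example (not part of this post or of the Syft/Grype projects), a script that chains the two tools: Syft writes a CycloneDX SBOM, Grype scans that SBOM, and the JSON report is triaged by severity and fix availability. It assumes `syft` and `grype` are on PATH and that Grype's JSON uses the `matches[].vulnerability` / `matches[].artifact` layout; the sample report at the bottom is constructed so the triage step can be exercised without either tool installed.

```python
"""Syft -> Grype -> triage. Assumes `syft` and `grype` on PATH; the report field
names in triage() are my reading of Grype's JSON layout (check against your version)."""
import json
import subprocess
from collections import Counter

SEVERITY_RANK = {"Negligible": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}


def generate_sbom(target: str, sbom_path: str = "sbom.cdx.json") -> str:
    # Syft catalogues a directory, archive or image reference into a CycloneDX JSON file.
    subprocess.run(["syft", target, "-o", f"cyclonedx-json={sbom_path}"], check=True)
    return sbom_path


def scan_sbom(sbom_path: str) -> dict:
    # The sbom: scheme makes Grype match against the existing SBOM instead of re-scanning.
    out = subprocess.run(["grype", f"sbom:{sbom_path}", "-o", "json"],
                         check=True, capture_output=True, text=True)
    return json.loads(out.stdout)


def triage(report: dict, fail_on: str = "High") -> dict:
    """Count matches per severity; list fixable ones at/above the threshold; decide pass/fail."""
    threshold = SEVERITY_RANK[fail_on]
    by_severity, actionable = Counter(), []
    for m in report.get("matches", []):
        vuln, art = m["vulnerability"], m["artifact"]
        sev = vuln.get("severity", "Unknown")
        by_severity[sev] += 1
        fix = vuln.get("fix", {})
        if SEVERITY_RANK.get(sev, -1) >= threshold and fix.get("state") == "fixed":
            actionable.append((art["name"], art["version"], vuln["id"], fix.get("versions", [])))
    return {"counts": dict(by_severity), "actionable": actionable,
            "fail": any(SEVERITY_RANK.get(s, -1) >= threshold for s in by_severity)}


# Constructed sample report (placeholder ids, not real advisories) in Grype's JSON shape.
SAMPLE_REPORT = {"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "High",
                       "fix": {"state": "fixed", "versions": ["1.2.4"]}},
     "artifact": {"name": "libexample", "version": "1.2.3"}},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "Low",
                       "fix": {"state": "not-fixed", "versions": []}},
     "artifact": {"name": "othertool", "version": "0.9"}},
]}

if __name__ == "__main__":
    result = triage(scan_sbom(generate_sbom(".")))
    print(json.dumps(result, indent=2))
    raise SystemExit(1 if result["fail"] else 0)
```

Running it against a project directory exits non-zero when any match is at or above the `fail_on` severity, which is the behaviour you would want in a CI gate.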