[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-5122":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":18,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":37,"readmeContent":38,"aiSummary":39,"trendingCount":16,"starSnapshotCount":16,"syncStatus":40,"lastSyncTime":41,"discoverSource":42},5122,"syft","anchore\u002Fsyft","anchore","CLI tool and library for generating a Software Bill of Materials from container images and filesystems","",null,"Go",9091,870,66,496,0,4,24,180,94.82,"Apache License 2.0",false,"main",true,[26,27,28,29,30,31,32,33,34,35,36],"containers","cyclonedx","docker","go","golang","hacktoberfest","oci","sbom","spdx","static-analysis","tool","2026-06-12 04:00:24","\u003Cp align=\"center\">\n    \u003Cimg src=\"https:\u002F\u002Fuser-images.githubusercontent.com\u002F5199289\u002F136844524-1527b09f-c5cb-4aa9-be54-5aa92a6086c1.png\" width=\"271\" alt=\"Cute pink owl syft logo\">\n\u003C\u002Fp>\n\n# Syft\n\n**A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. 
Exceptional for vulnerability detection when used with a scanner like [Grype](https:\u002F\u002Fgithub.com\u002Fanchore\u002Fgrype).**\n\n\u003Cp align=\"center\">\n &nbsp;\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fanchore\u002Fsyft\u002Factions\u002Fworkflows\u002Fvalidations.yaml\" target=\"_blank\">\u003Cimg alt=\"Validations\" src=\"https:\u002F\u002Fgithub.com\u002Fanchore\u002Fsyft\u002Factions\u002Fworkflows\u002Fvalidations.yaml\u002Fbadge.svg\">\u003C\u002Fa>&nbsp;\n &nbsp;\u003Ca href=\"https:\u002F\u002Fgoreportcard.com\u002Freport\u002Fgithub.com\u002Fanchore\u002Fsyft\" target=\"_blank\">\u003Cimg alt=\"Go Report Card\" src=\"https:\u002F\u002Fgoreportcard.com\u002Fbadge\u002Fgithub.com\u002Fanchore\u002Fsyft\">\u003C\u002Fa>&nbsp;\n &nbsp;\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fanchore\u002Fsyft\u002Freleases\u002Flatest\" target=\"_blank\">\u003Cimg alt=\"GitHub release\" src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Frelease\u002Fanchore\u002Fsyft.svg\">\u003C\u002Fa>&nbsp;\n &nbsp;\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fanchore\u002Fsyft\" target=\"_blank\">\u003Cimg alt=\"GitHub go.mod Go version\" src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fgo-mod\u002Fgo-version\u002Fanchore\u002Fsyft.svg\">\u003C\u002Fa>&nbsp;\n &nbsp;\u003Ca href=\"\" target=\"_blank\">\u003Cimg alt=\"License: Apache-2.0\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Apache%202.0-blue.svg\">\u003C\u002Fa>&nbsp;\n &nbsp;\u003Ca href=\"https:\u002F\u002Fanchore.com\u002Fdiscourse\" target=\"_blank\">\u003Cimg alt=\"Join our Discourse\" src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscourse-Join-blue?logo=discourse\"\u002F>\u003C\u002Fa>&nbsp;\n &nbsp;\u003Ca rel=\"me\" href=\"https:\u002F\u002Ffosstodon.org\u002F@syft\">\u003Cimg alt=\"Follow on Mastodon\" 
src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FMastodon-Follow-blue?logoColor=white&logo=mastodon\"\u002F>\u003C\u002Fa>&nbsp;\n\u003C\u002Fp>\n\n![syft-demo](https:\u002F\u002Fuser-images.githubusercontent.com\u002F590471\u002F90277200-2a253000-de33-11ea-893f-32c219eea11a.gif)\n\n## Features\n\n- Generates SBOMs for **container images**, **filesystems**, **archives** (see the docs for a full list of [supported scan targets](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Fguides\u002Fsbom\u002Fscan-targets\u002F))\n- Supports dozens of packaging ecosystems (e.g. Alpine (apk), Debian (dpkg), RPM, Go, Python, Java, JavaScript, Ruby, Rust, PHP, .NET, and [many more](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Fcapabilities\u002Fall-packages\u002F))\n- Supports OCI, Docker, [Singularity](https:\u002F\u002Fgithub.com\u002Fsylabs\u002Fsingularity), and [more image formats](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Fguides\u002Fsbom\u002Fscan-targets\u002F)\n- Works seamlessly with [Grype](https:\u002F\u002Fgithub.com\u002Fanchore\u002Fgrype) for vulnerability scanning\n- Multiple output formats (**CycloneDX**, **SPDX**, **Syft JSON**, and [more](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Fguides\u002Fsbom\u002Fformats\u002F)) including the ability to [convert between SBOM formats](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Fguides\u002Fsbom\u002Fconversion\u002F)\n- Create signed SBOM attestations using the [in-toto specification](https:\u002F\u002Fgithub.com\u002Fin-toto\u002Fattestation\u002Fblob\u002Fmain\u002Fspec\u002FREADME.md)\n\n> [!TIP]\n> **New to Syft? 
Check out the [Getting Started guide](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Fguides\u002Fsbom\u002Fgetting-started\u002F) for a walkthrough!**\n\n## Installation\n\nThe quickest way to get up and going:\n```bash\ncurl -sSfL https:\u002F\u002Fget.anchore.io\u002Fsyft | sudo sh -s -- -b \u002Fusr\u002Flocal\u002Fbin\n```\n\n> [!TIP]\n> **See [Installation docs](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Finstallation\u002Fsyft\u002F) for more ways to get Syft, including Homebrew, Docker, Scoop, Chocolatey, Nix, and more!**\n\n## The basics\n\nSee the packages within a container image or directory:\n\n```bash\n# container image\nsyft alpine:latest\n\n# directory\nsyft .\u002Fmy-project\n```\n\nTo get an SBOM, specify one or more output formats:\n\n```bash\n# SBOM to stdout\nsyft \u003Cimage> -o cyclonedx-json\n\n# Multiple SBOMs to files\nsyft \u003Cimage> -o spdx-json=.\u002Fspdx.json -o cyclonedx-json=.\u002Fcdx.json\n```\n\n\n> [!TIP]\n> **Check out the [Getting Started guide](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Fguides\u002Fsbom\u002Fgetting-started\u002F)** to explore all of the capabilities and features.\n>\n> **Want to know all of the ins-and-outs of Syft?** Check out the [CLI docs](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Freference\u002Fsyft\u002Fcli\u002F),  [configuration docs](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Freference\u002Fsyft\u002Fconfiguration\u002F), and [JSON schema](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Freference\u002Fsyft\u002Fjson\u002Flatest\u002F).\n\n\n## Contributing\n\nWe encourage users to help make these tools better by [submitting issues](https:\u002F\u002Fgithub.com\u002Fanchore\u002Fsyft\u002Fissues) when you find a bug or want a new feature. 
\nCheck out our [contributing overview](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Fcontributing\u002F) and [developer-specific documentation](https:\u002F\u002Foss.anchore.com\u002Fdocs\u002Fcontributing\u002Fsyft\u002F) if you are interested in providing code contributions.\n\n\n\n\u003Cp xmlns:cc=\"http:\u002F\u002Fcreativecommons.org\u002Fns#\" xmlns:dct=\"http:\u002F\u002Fpurl.org\u002Fdc\u002Fterms\u002F\">\n  Syft development is sponsored by \u003Ca href=\"https:\u002F\u002Fanchore.com\u002F\">Anchore\u003C\u002Fa>, and is released under the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fanchore\u002Fsyft?tab=Apache-2.0-1-ov-file\">Apache-2.0 License\u003C\u002Fa>.\n  The \u003Ca property=\"dct:title\" rel=\"cc:attributionURL\" href=\"https:\u002F\u002Fanchore.com\u002Fwp-content\u002Fuploads\u002F2024\u002F11\u002Fsyft-logo.svg\">Syft logo\u003C\u002Fa> by \u003Ca rel=\"cc:attributionURL dct:creator\" property=\"cc:attributionName\" href=\"https:\u002F\u002Fanchore.com\u002F\">Anchore\u003C\u002Fa> is licensed under \u003Ca href=\"https:\u002F\u002Fcreativecommons.org\u002Flicenses\u002Fby\u002F4.0\u002F\" target=\"_blank\" rel=\"license noopener noreferrer\" style=\"display:inline-block;\">CC BY 4.0\u003Cimg style=\"height:22px!important;margin-left:3px;vertical-align:text-bottom;\" src=\"https:\u002F\u002Fmirrors.creativecommons.org\u002Fpresskit\u002Ficons\u002Fcc.svg\" alt=\"\">\u003Cimg style=\"height:22px!important;margin-left:3px;vertical-align:text-bottom;\" src=\"https:\u002F\u002Fmirrors.creativecommons.org\u002Fpresskit\u002Ficons\u002Fby.svg\" alt=\"\">\u003C\u002Fa>\n\u003C\u002Fp>\n\nFor commercial support options with Syft or Grype, please [contact Anchore](https:\u002F\u002Fget.anchore.com\u002Fcontact\u002F).\n\n## Come talk to us!\n\nThe Syft Team holds regular community meetings online. 
All are welcome to join to bring topics for discussion.\n- Check the [calendar](https:\u002F\u002Fcalendar.google.com\u002Fcalendar\u002Fu\u002F0\u002Fr?cid=Y182OTM4dGt0MjRtajI0NnNzOThiaGtnM29qNEBncm91cC5jYWxlbmRhci5nb29nbGUuY29t) for the next meeting date.\n- Add items to the [agenda](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1ZtSAa6fj2a6KRWviTn3WoJm09edvrNUp4Iz_dOjjyY8\u002Fedit?usp=sharing) (join [this group](https:\u002F\u002Fgroups.google.com\u002Fg\u002Fanchore-oss-community) for write access to the [agenda](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1ZtSAa6fj2a6KRWviTn3WoJm09edvrNUp4Iz_dOjjyY8\u002Fedit?usp=sharing))\n- See you there!\n","Syft is a command-line tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. It supports many packaging ecosystems, including Alpine, Debian and RPM, and can handle multiple image formats such as OCI and Docker. Syft's core capabilities include generating detailed SBOMs, support for multiple output formats such as CycloneDX and SPDX, and seamless integration with vulnerability scanners such as Grype to strengthen security. Syft also lets users create signed SBOM attestations that conform to the in-toto specification. The tool is well suited to development teams that need to audit their software supply chain or want to improve container security.",2,"2026-06-11 03:02:39","top_language"]