Creates software bills of materials (SBOMs) for container images and directories.
Generates and converts between CycloneDX, SPDX, and a custom format.
Detects packages from a range of GNU/Linux package formats and distributions (Alpine, Debian, RHEL/UBI, etc.) as well as libraries from programming language ecosystems (Java, Go, Rust, JavaScript, .NET, etc.).
Example output:
$ syft registry.access.redhat.com/ubi9/ubi-micro:latest
NAME                    VERSION             TYPE
basesystem              11-13.el9           rpm
bash                    5.1.8-4.el9         rpm
coreutils-single        8.32-31.el9         rpm
filesystem              3.16-2.el9          rpm
glibc                   2.34-28.el9_0.2     rpm
glibc-common            2.34-28.el9_0.2     rpm
glibc-minimal-langpack  2.34-28.el9_0.2     rpm
libacl                  2.3.1-3.el9         rpm
libattr                 2.5.1-3.el9         rpm
libcap                  2.48-8.el9          rpm
libgcc                  11.2.1-9.4.el9      rpm
libselinux              3.3-2.el9           rpm
libsepol                3.3-2.el9           rpm
ncurses-base            6.2-8.20210508.el9  rpm
ncurses-libs            6.2-8.20210508.el9  rpm
pcre2                   10.37-5.el9_0       rpm
pcre2-syntax            10.37-5.el9_0       rpm
redhat-release          9.0-2.17.el9        rpm
setup                   2.13.7-6.el9        rpm
tzdata                  2022e-1.el9_0       rpm