sbom-syft

# Syft SBOM Generator ## Overview Syft is a CLI tool and Go library for generating comprehensive Software Bills of Materials (SBOMs) from container images and filesystems. It provides visibility into packages and dependencies across 28+ ecosystems, supporting multiple SBOM formats (CycloneDX, SPDX) for vulnerability management, license compliance, and supply chain security. ## Supported Ecosystems **Languages & Package Managers:** Alpine (apk), C/C++ (conan), Dart (pub), Debian/Ubuntu (dpkg), Dotnet (deps.json), Go (go.mod), Java (JAR/WAR/EAR/Maven/Gradle), JavaScript (npm/yarn), PHP (composer), Python (pip/poetry/setup.py), Red Hat (RPM), Ruby (gem), Rust (cargo), Swift (cocoapods) **Container & System:** OCI images, Docker images, Singularity, container layers, Linux distributions ## Quick Start Generate SBOM for container image: ```bash # Using Docker docker run --rm -v $(pwd):/out anchore/syft:latest <image> -o cyclonedx-json=/out/sbom.json # Local installation syft <image> -o cyclonedx-json=sbom.json # Examples syft alpine:latest -o cyclonedx-json syft docker.io/nginx:latest -o spdx-json syft dir:/path/to/project -o cyclonedx-json ``` ## Core Workflows ### Workflow 1: Container Image SBOM Generation For creating SBOMs of container images: 1. Identify target container image (local or registry) 2. Run Syft to generate SBOM: ```bash syft <image-name:tag> -o cyclonedx-json=sbom-cyclonedx.json ``` 3. Optionally generate multiple formats: ```bash s...