oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2025-11-17 00:13:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add llms.txt to describe this repo to our AI overlords 🤖

Browse Source 
Signed-off-by: Alan Pope <alan.pope@anchore.com>
This commit is contained in:
Alan Pope 2025-08-27 14:40:53 +01:00
parent 2d8e337d34
commit d7d690a3ad
1 changed files with 59 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
llms.txt Normal file
View File

@ -0,0 +1,59 @@
# Syft - Software Bill of Materials (SBOM) Generator
Syft is a CLI tool and Go library for generating Software Bill of Materials (SBOMs) from container images and filesystems. It's developed by Anchore and is designed to provide detailed visibility into software packages and dependencies for vulnerability detection and supply chain security.
## Project Overview
**Repository**: https://github.com/anchore/syft
**License**: Apache-2.0
**Language**: Go (1.24.1)
**Maintainer**: Anchore
## Key Features
- Generates SBOMs for container images, filesystems, archives, and more
- Supports multiple output formats (CycloneDX, SPDX, Syft JSON, etc.)
- Works with OCI, Docker and Singularity image formats
- Linux distribution identification
- Integrates with Grype vulnerability scanner
- Supports SBOM attestations using in-toto specification
- Convert between SBOM formats
## Supported Ecosystems
Syft can catalog packages from 25+ ecosystems including:
- Alpine (apk), Debian (dpkg), Red Hat (rpm)
- Go (go.mod, binaries), Java (jar/war/ear), JavaScript (npm/yarn)
- Python (wheel/egg/poetry/requirements.txt), Rust (cargo.lock)
- .NET (deps.json), PHP (composer), Ruby (gem)
- Swift, Dart, Elixir, Erlang, Haskell, R, and many more
## Project Structure
- `cmd/syft/` - CLI application entry point and commands
- `syft/` - Core library code
- `pkg/` - Package cataloging logic for different ecosystems
- `file/` - File system interaction and cataloging
- `format/` - SBOM format encoders/decoders
- `source/` - Source detection and handling
- `internal/` - Internal utilities and helpers
- `schema/` - JSON schemas for Syft output formats
- `test/` - Integration and CLI tests
## Getting Started
Install syft:
```bash
curl -sSfL https://get.anchore.io/syft | sudo sh -s -- -b /usr/local/bin
```
Generate an SBOM:
```bash
syft <image-or-directory>
```
## Development
Built with Go 1.24.1, uses standard Go tooling with Make and Taskfile for build automation. Comprehensive test suite with both unit and integration tests.
The project follows semantic versioning and has an active community with regular team meetings and contribution guidelines.