Service

Syft

Readiness Level
Advanced
Syft
Related topics:
Cybersecurity Best Practices, Cyber Threats and Advisories

CISA does not endorse any commercial product or service. CISA does not attest to the suitability or effectiveness of these services and resources for any particular use case. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.

Description

Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. It also supports CycloneDX/SPDX and JSON format. Syft can be installed and run directly on the developer machine to generate SBOMs against software being developed locally or can be pointed at a filesystem.

Tags

Audience
Educational Institutions, Executives, Federal Government, Industry, Small and Medium Businesses, Faith-Based Community, State, Local, Tribal, and Territorial Government
Topics
Cybersecurity Best Practices, Cyber Threats and Advisories

Related Services

Intermediate

Semgrep

Semgrep OSS is an open-source, static analysis tool for searching code, finding bugs, and enforcing code standards at editor, commit, and CI time.
Foundational

ThreatMapper

ThreatMapper is a platform that understands the risks and build a prioritized list to be used as a guide for remediation.
Foundational

Velocity

Velocity is a cyber risk quantification platform that evaluates both internal cyber maturity and third-party risk.