Alternatives and similar repositories for syft

Users that are interested in syft are comparing it to the libraries listed below

• anchore / grype
  A vulnerability scanner for container images and filesystems
  ☆10,022Updated this week
• sigstore / cosign
  Code signing and transparency for containers and binaries
  ☆5,005Updated this week
• aquasecurity / trivy
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆27,157Updated this week
• falcosecurity / falco
  Cloud Native Runtime Security
  ☆8,000Updated this week
• quay / clair
  Vulnerability Static Analysis for Containers
  ☆10,662Updated this week
• aquasecurity / kube-hunter
  Hunt for security weaknesses in Kubernetes clusters
  ☆4,881Updated last year
• google / osv-scanner
  Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  ☆7,487Updated this week
• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆3,098Updated this week
• aquasecurity / kube-bench
  Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  ☆7,527Updated this week
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,587Updated 2 years ago
• aquasecurity / tfsec
  Tfsec is now part of Trivy
  ☆6,836Updated 2 weeks ago
• google / go-containerregistry
  Go library and CLIs for working with container registries
  ☆3,388Updated last week
• goodwithtech / dockle
  Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
  ☆2,922Updated 5 months ago
• getsops / sops
  Simple and flexible tool for managing secrets
  ☆18,720Updated this week
• aquasecurity / tracee
  Linux Runtime Security and Forensics using eBPF
  ☆3,922Updated 2 weeks ago
• kubeshark / kubeshark
  The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and paylo…
  ☆11,384Updated this week
• containers / skopeo
  Work with remote images registries - retrieving information, images, signing content
  ☆9,328Updated last week
• containerd / nerdctl
  contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
  ☆8,992Updated this week
• open-policy-agent / opa
  Open Policy Agent (OPA) is an open source, general-purpose policy engine.
  ☆10,344Updated last week
• ossf / scorecard
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆4,931Updated this week
• tenable / terrascan
  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  ☆4,956Updated last month
• cilium / tetragon
  eBPF-based Security Observability and Runtime Enforcement
  ☆4,021Updated this week
• tellerops / teller
  Cloud native secrets management for developers - never leave your command line for secrets.
  ☆3,056Updated 10 months ago
• google / osv.dev
  Open source vulnerability DB and triage service.
  ☆1,901Updated this week
• GoogleContainerTools / kaniko
  Build Container Images In Kubernetes
  ☆15,623Updated 2 weeks ago
• hashicorp / boundary
  Boundary enables identity-based access management for dynamic infrastructure.
  ☆3,930Updated this week
• turbot / steampipe
  Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
  ☆7,364Updated this week
• open-policy-agent / conftest
  Write tests against structured configuration data using the Open Policy Agent Rego query language
  ☆2,990Updated last week
• derailed / popeye
  👀 A Kubernetes cluster resource sanitizer
  ☆5,887Updated this week
• pixie-io / pixie
  Instant Kubernetes-Native Application Observability
  ☆6,056Updated this week