Alternatives and similar repositories for syft:

Users that are interested in syft are comparing it to the libraries listed below

• anchore / grype
  A vulnerability scanner for container images and filesystems
  ☆8,915Updated this week
• sigstore / cosign
  Code signing and transparency for containers and binaries
  ☆4,541Updated last week
• aquasecurity / trivy
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆23,875Updated this week
• aquasecurity / kube-bench
  Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  ☆7,104Updated this week
• falcosecurity / falco
  Cloud Native Runtime Security
  ☆7,438Updated this week
• aquasecurity / tfsec
  Tfsec is now part of Trivy
  ☆6,725Updated last month
• Checkmarx / kics
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…
  ☆2,107Updated this week
• containers / skopeo
  Work with remote images registries - retrieving information, images, signing content
  ☆8,365Updated this week
• quay / clair
  Vulnerability Static Analysis for Containers
  ☆10,383Updated this week
• google / go-containerregistry
  Go library and CLIs for working with container registries
  ☆3,160Updated last week
• aquasecurity / kube-hunter
  Hunt for security weaknesses in Kubernetes clusters
  ☆4,770Updated 8 months ago
• derailed / popeye
  👀 A Kubernetes cluster resource sanitizer
  ☆5,311Updated last week
• kubeshark / kubeshark
  The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and paylo…
  ☆11,074Updated this week
• hashicorp / boundary
  Boundary enables identity-based access management for dynamic infrastructure.
  ☆3,857Updated this week
• zegl / kube-score
  Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in …
  ☆2,800Updated last week
• smallstep / cli
  🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
  ☆3,683Updated last week
• turbot / steampipe
  Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
  ☆7,017Updated this week
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,588Updated last year
• stackrox / kube-linter
  KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adh…
  ☆2,978Updated this week
• slsa-framework / slsa
  Supply-chain Levels for Software Artifacts
  ☆1,563Updated last week
• goodwithtech / dockle
  Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
  ☆2,798Updated 3 months ago
• open-policy-agent / conftest
  Write tests against structured configuration data using the Open Policy Agent Rego query language
  ☆2,879Updated this week
• aquasecurity / tracee
  Linux Runtime Security and Forensics using eBPF
  ☆3,642Updated this week
• ossf / scorecard
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆4,627Updated this week
• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆2,724Updated this week
• tenable / terrascan
  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  ☆4,774Updated 2 weeks ago
• hadolint / hadolint
  Dockerfile linter, validate inline bash, written in Haskell
  ☆10,493Updated last month
• siderolabs / talos
  Talos Linux is a modern Linux distribution built for Kubernetes.
  ☆6,964Updated this week
• bitnami-labs / sealed-secrets
  A Kubernetes controller and tool for one-way encrypted Secrets
  ☆7,736Updated last week