Alternatives and similar repositories for syft

Users that are interested in syft are comparing it to the libraries listed below

• anchore / grype
  A vulnerability scanner for container images and filesystems
  ☆10,166Updated this week
• sigstore / cosign
  Code signing and transparency for containers and binaries
  ☆5,035Updated this week
• aquasecurity / trivy
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆27,345Updated this week
• aquasecurity / tfsec
  Tfsec is now part of Trivy
  ☆6,844Updated last month
• Checkmarx / kics
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…
  ☆2,398Updated this week
• falcosecurity / falco
  Cloud Native Runtime Security
  ☆8,039Updated this week
• goodwithtech / dockle
  Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
  ☆2,940Updated 6 months ago
• containers / skopeo
  Work with remote images registries - retrieving information, images, signing content
  ☆9,401Updated this week
• quay / clair
  Vulnerability Static Analysis for Containers
  ☆10,682Updated this week
• google / go-containerregistry
  Go library and CLIs for working with container registries
  ☆3,408Updated this week
• hadolint / hadolint
  Dockerfile linter, validate inline bash, written in Haskell
  ☆11,309Updated 3 months ago
• runatlantis / atlantis
  Terraform Pull Request Automation
  ☆8,341Updated this week
• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆3,122Updated this week
• ossf / scorecard
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆4,968Updated this week
• semgrep / semgrep
  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  ☆11,984Updated this week
• moby / buildkit
  concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
  ☆9,176Updated this week
• dexidp / dex
  OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
  ☆9,970Updated this week
• tellerops / teller
  Cloud native secrets management for developers - never leave your command line for secrets.
  ☆3,061Updated 11 months ago
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,587Updated 2 years ago
• derailed / popeye
  👀 A Kubernetes cluster resource sanitizer
  ☆5,910Updated this week
• gruntwork-io / terratest
  Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.
  ☆7,705Updated this week
• GoogleContainerTools / kaniko
  Build Container Images In Kubernetes
  ☆15,638Updated last month
• opencost / opencost
  Cost monitoring for Kubernetes workloads and cloud costs
  ☆5,854Updated this week
• google / osv-scanner
  Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  ☆7,510Updated this week
• containerd / nerdctl
  contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
  ☆9,031Updated this week
• hashicorp / boundary
  Boundary enables identity-based access management for dynamic infrastructure.
  ☆3,930Updated last week
• aquasecurity / kube-bench
  Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  ☆7,558Updated last week
• open-policy-agent / conftest
  Write tests against structured configuration data using the Open Policy Agent Rego query language
  ☆2,998Updated this week
• aquasecurity / kube-hunter
  Hunt for security weaknesses in Kubernetes clusters
  ☆4,888Updated last year
• kubeshark / kubeshark
  The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and paylo…
  ☆11,403Updated 2 weeks ago