anchore / syftLinks
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
☆7,044Updated this week
Alternatives and similar repositories for syft
Users that are interested in syft are comparing it to the libraries listed below
Sorting:
- A vulnerability scanner for container images and filesystems☆9,893Updated this week
- Code signing and transparency for containers and binaries☆4,944Updated last week
- Vulnerability Static Analysis for Containers☆10,640Updated last week
- GUAC aggregates software security metadata into a high fidelity graph database.☆1,364Updated this week
- Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.☆7,334Updated last week
- Cloud Native Runtime Security☆7,948Updated this week
- Tfsec is now part of Trivy☆6,825Updated 3 weeks ago
- Go library and CLIs for working with container registries☆3,371Updated this week
- Work with remote images registries - retrieving information, images, signing content☆9,219Updated last week
- The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and paylo…☆11,366Updated last week
- A service that analyzes docker images and scans for vulnerabilities☆1,586Updated 2 years ago
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…☆3,052Updated last week
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.☆11,689Updated this week
- yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor☆13,454Updated 2 weeks ago
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more☆26,874Updated last week
- Boundary enables identity-based access management for dynamic infrastructure.☆3,924Updated this week
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.☆4,937Updated 3 weeks ago
- OpenSSF Scorecard - Security health metrics for Open Source☆4,908Updated last week
- 👀 A Kubernetes cluster resource sanitizer☆5,845Updated last week
- The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in productio…☆9,390Updated 7 months ago
- The easiest, and most secure way to access and protect all of your infrastructure.☆18,562Updated this week
- Hunt for security weaknesses in Kubernetes clusters☆4,865Updated last year
- Open Policy Agent (OPA) is an open source, general-purpose policy engine.☆10,296Updated this week
- Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark☆7,458Updated this week
- A tool that facilitates building OCI images.☆7,881Updated last week
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev☆7,429Updated this week
- Write tests against structured configuration data using the Open Policy Agent Rego query language☆2,988Updated this week
- Dockerfile linter, validate inline bash, written in Haskell☆10,950Updated 2 months ago
- Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in …☆2,898Updated 2 weeks ago
- Open source vulnerability DB and triage service.☆1,875Updated this week