syft
Software inventory tool
Generates detailed visibility into software packages and dependencies to manage vulnerabilities and license compliance.
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
6k stars
59 watching
574 forks
Language: Go
last commit: 6 days ago
Linked from 5 awesome lists
containerscyclonedxdockergogolanghacktoberfestocisbomspdxstatic-analysistool
veggiemonk/awesome-docker
rootsongjc/awesome-cloud-native
teamssix/awesome-cloud-security
jakobthedev/awesome-devsecops
funkmyster/awesome-cloud-securityRelated projects:
| Repository | Description | Stars |
|---|---|---|
| anchore/grype | A tool for detecting vulnerabilities in container images and filesystems | 8,812 |
 future-architect/vuls | A tool to automatically scan and report on vulnerabilities in software systems. | 10,994 |
 edersonbrilhante/vilicus | An open-source tool that orchestrates security scans of container images and centralizes the results into a database for analysis and metrics. | 85 |
 albuch/sbt-dependency-check | Automatically monitors dependencies for known vulnerabilities and generates reports on security issues | 266 |
 hasherezade/pe-sieve | A tool for detecting and analyzing malicious code in executables | 3,103 |
 linuxserver/docker-swag | A Docker container that sets up an Nginx webserver and reverse proxy with PHP support, including automated SSL certificate generation and renewal, as well as intrusion prevention. | 2,904 |
 kubescape/kubescape | A comprehensive security platform for Kubernetes environments that integrates risk analysis, security, compliance, and misconfiguration scanning across the entire development and deployment lifecycle. | 10,232 |
 zubux/drydock | Tools for assessing Docker daemon configuration and container security | 65 |
 aquasecurity/trivy | Automatically scans software projects for vulnerabilities and misconfigurations to ensure security and compliance. | 23,679 |
 deepfence/secretscanner | A tool that scans container images and file systems for sensitive data such as passwords and keys. | 3,134 |
 projectdiscovery/nuclei | A vulnerability scanner built on YAML templates to identify weaknesses in applications and networks. | 20,687 |
 diego-treitos/linux-smart-enumeration | A tool for gathering information about the security of a Linux system to help identify vulnerabilities and potentially escalate privileges. | 3,443 |
 dominicbreuker/stego-toolkit | A collection of steganography tools for solving CTF challenges | 2,403 |
 snyk/cli | A command-line tool that scans and monitors software development projects for security vulnerabilities. | 4,952 |
 zardus/ctf-tools | A collection of setup scripts and tools for security research. | 8,518 |