
Bug#1124819: ITP: syft -- CLI tool for generating Software Bill of Materials from container images and filesystems

Package: wnpp
Severity: wishlist
Owner: Juan Manuel Méndez Rey <vejeta@debian.org>

* Package name    : syft
* Version         : 1.20.0
* Upstream Author : Anchore, Inc. <dev@anchore.com>
* URL             : https://github.com/anchore/syft
* License         : Apache-2.0
* Programming Lang : Go
* Description     : CLI tool for generating Software Bill of Materials from container images and filesystems

syft is a CLI tool and Go library for generating a Software Bill of
Materials (SBOM) from container images and filesystems.

Features:
 - Generates SBOMs for container images, filesystems, and archives
 - Supports dozens of package ecosystems (Alpine, Debian, RPM, Go,
   Python, Java, JavaScript, Ruby, Rust, PHP, .NET, and more)
 - Supports OCI, Docker, and Singularity image formats
 - Multiple output formats (CycloneDX, SPDX, Syft JSON)
 - Works seamlessly with Grype for vulnerability scanning
 - Can create signed SBOM attestations using the in-toto specification

This package is essential for software supply chain security workflows
and complements existing efforts to bring Sigstore tools (cosign,
gitsign) into Debian.

