Added Syft and Grype for SBOM in CI/CD. #26
dshapi announced in Announcements
Replies: 0 comments
Syft and Grype are two open source tools from Anchore that make working with SBOMs surprisingly painless:
Syft generates SBOMs from various sources (container images, directories, etc.).
Grype scans those SBOMs for known vulnerabilities.
The best part? They’re both single Go binaries with no API keys or accounts required. You can run them locally, in CI/CD pipelines, or anywhere else you need them.
Now, on every run, an action is fired and every service->container is scanned for vulnerabilities.
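A per-service gate over the scan results described above, as an added example that is not part of the original post or the project's workflow. It assumes each service's Grype report was saved as JSON (`-o json`); the service names, package names and CVE identifiers are constructed placeholders.

```python
import json

# Severity strings as Grype reports them on each match, ranked for comparison.
SEVERITY_RANK = {"Unknown": 0, "Negligible": 1, "Low": 2,
                 "Medium": 3, "High": 4, "Critical": 5}

# Constructed Grype-style JSON reports keyed by service (placeholder IDs, not real CVEs).
SAMPLE_REPORTS = {
    "api": json.dumps({"matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical",
                           "fix": {"versions": ["1.2.4"], "state": "fixed"}},
         "artifact": {"name": "libexample", "version": "1.2.3", "type": "deb"}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "Low",
                           "fix": {"versions": [], "state": "not-fixed"}},
         "artifact": {"name": "libother", "version": "0.9", "type": "deb"}},
    ]}),
    "worker": json.dumps({"matches": [
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "High",
                           "fix": {"versions": [], "state": "wont-fix"}},
         "artifact": {"name": "examplepkg", "version": "2.0", "type": "python"}},
    ]}),
    "web": json.dumps({"matches": []}),
}


def findings_at_or_above(report_json, threshold="High", only_fixed=False):
    """Return (id, severity, package, version, fix_versions) tuples, worst first."""
    floor = SEVERITY_RANK[threshold]
    out = []
    for match in json.loads(report_json).get("matches", []):
        vuln, art = match.get("vulnerability", {}), match.get("artifact", {})
        sev = vuln.get("severity", "Unknown")
        fix = vuln.get("fix") or {}
        if SEVERITY_RANK.get(sev, 0) < floor:
            continue
        if only_fixed and fix.get("state") != "fixed":
            continue  # no upgrade available yet: report elsewhere, do not block
        out.append((vuln.get("id"), sev, art.get("name"), art.get("version"),
                    tuple(fix.get("versions") or ())))
    return sorted(out, key=lambda f: -SEVERITY_RANK.get(f[1], 0))


def gate(reports, threshold="High", only_fixed=False):
    """Map each failing service to its blocking findings; empty dict means pass."""
    results = {svc: findings_at_or_above(r, threshold, only_fixed)
               for svc, r in reports.items()}
    return {svc: found for svc, found in results.items() if found}
```

In a pipeline, a non-empty result from `gate()` would translate into a non-zero exit code so the run fails; `only_fixed=True` restricts blocking to findings that already have an upgrade available.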