#go #containers #cyclonedx #docker #golang #hacktoberfest #oci #sbom #spdx #static_analysis #tool

https://github.com/anchore/syft

#kotlin #compliance #copyright #copyright_scan #cyclonedx #dependencies #dependency_graph #hacktoberfest #license #license_checking #license_management #license_scan #open_source_licensing #ospo #oss_compliance #package_manager #package_scan #sbom #sbom_generator #sca #spdx

https://github.com/oss-review-toolkit/ort

#go #containers #cyclonedx #docker #go #golang #hacktoberfest #oci #sbom #spdx #static_analysis #tool

Syft is a tool that helps create a list of all the software components used in your applications, known as a Software Bill of Materials (SBOM). This list is important for finding vulnerabilities and ensuring that your software complies with licensing rules. By using Syft, you can better manage your software's security and compliance. It works with many types of software and can be used with other tools like Grype to check for vulnerabilities. This helps keep your software safe and up-to-date.

https://github.com/anchore/syft