Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats. - Source: dev.to / 12 months ago
I saw https://fossa.com/ and https://anchore.com/ which seem to solve what I have in mind but I wanted to know if there's maybe an open source way of getting a better overview besides running trivy sbom everytime I want to know something about a given sbom file. Source: over 1 year ago
For docker image scan, we rely on the Container Scan (GitHub Action) maintained by Anchore. - Source: dev.to / almost 2 years ago
Fortunately anchore provides a set of ready to use tools that helps... a lot :. - Source: dev.to / about 2 years ago
I use sbt-dependency-check and https://anchore.com/ too to scan my docker images. The results are loaded into sonar-scanner as a step in my CI pipeline. Source: almost 3 years ago
Do you know an article comparing Anchore to other products?
Suggest a link to a post with product alternatives.
This is an informative page about Anchore. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.