SBOM Generation

SBOM Generation User Guide

An SBOM, or Software Bill of Materials, is a detailed list of all the components, libraries, and modules that make up a piece of software.

For a developer, having an SBOM is crucial for tracking dependencies, quickly identifying known vulnerabilities within those components, and ensuring license compliance.

For a consumer or organization using the software, an SBOM provides transparency into the software’s supply chain, allowing them to assess potential security risks and understand what’s “under the hood.”

Syft is an open-source command-line tool and Go library. Its primary function is to scan container images, file systems, and archives to automatically generate a Software Bill of Materials, making it easier to understand the composition of software.

Getting Started

Supported Sources

File Selection

Output Formats

Package Catalogers

Using Templates

Format Conversion (experimental)

Private Registry Authentication

Attestation (experimental)

Configuration

Last modified September 29, 2025: add python tests and tooling (c00b34a)