CLI tool and library for generating a Software Bill of Materials from container images and filesystems (by anchore)

Syft Alternatives

Similar projects and alternatives to syft

  • grype

    A vulnerability scanner for container images and filesystems

  • trivy

    6 syft VS trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  • falco

    3 syft VS falco

    Cloud Native Runtime Security

  • clair

    2 syft VS clair

    Vulnerability Static Analysis for Containers

  • cdxgen

    - syft VS cdxgen

    Creates CycloneDX Software Bill of Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack:

  • checkov

    2 syft VS checkov

    Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

  • lynis

    1 syft VS lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • kubescape

    Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.

  • dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

  • kube-hunter

    2 syft VS kube-hunter

    Hunt for security weaknesses in Kubernetes clusters

  • Kyverno

    Kubernetes Native Policy Management

  • Apache Log4j 2

    Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.

  • cargo-auditable

    Make production Rust binaries auditable

  • kube-bench

    Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

  • cosign

    Code signing and transparency for containers and binaries

  • lunasec

    2 syft VS lunasec

    LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App:

  • vmclarity

    VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities

  • Lean and Mean Docker containers

    Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

  • JaCoCo

    1 syft VS JaCoCo

    :microscope: Java Code Coverage Library

  • Zabbix

    1 syft VS Zabbix

    Real-time monitoring of IT components and services, such as networks, servers, VMs, applications and the cloud.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better syft alternative or higher similarity.

syft reviews and mentions

Posts with mentions or reviews of syft. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-05-22.


Basic syft repo stats
about 22 hours ago

anchore/syft is an open source project licensed under Apache License 2.0 which is an OSI approved license.

The primary programming language of syft is Go.

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives