Syft Alternatives

Similar projects and alternatives to syft

Apache Log4j 2

108 3,268 9.9 Java syft VS Apache Log4j 2

Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
trivy

82 21,316 9.7 Go syft VS trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
kubescape

76 9,686 9.5 Go syft VS kubescape

Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
lynis

72 12,507 7.8 Shell syft VS lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Zabbix

69 3,788 10.0 PHP syft VS Zabbix

Real-time monitoring of IT components and services, such as networks, servers, VMs, applications and the cloud.
grype

56 7,623 9.5 Go syft VS grype

A vulnerability scanner for container images and filesystems
checkov

54 6,512 9.9 Python syft VS checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
WorkOS

workos.com sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
falco

42 6,895 9.8 C++ syft VS falco

Cloud Native Runtime Security
Lean and Mean Docker containers

38 18,165 9.1 Go syft VS Lean and Mean Docker containers

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
lunasec

36 1,406 5.5 TypeScript syft VS lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Kyverno

35 5,105 9.9 Go syft VS Kyverno

Kubernetes Native Policy Management
cosign

30 4,068 9.6 Go syft VS cosign

Code signing and transparency for containers and binaries
clair

21 10,030 9.2 Go syft VS clair

Vulnerability Static Analysis for Containers
kube-bench

23 6,649 8.4 Go syft VS kube-bench

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
cargo-auditable

23 547 7.9 Rust syft VS cargo-auditable

Make production Rust binaries auditable
dependency-track

18 2,315 9.8 Java syft VS dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
cargo-update

11 1,125 6.6 Rust syft VS cargo-update

A cargo subcommand for checking and applying updates to installed executables
kube-hunter

10 4,613 4.5 Python syft VS kube-hunter

Hunt for security weaknesses in Kubernetes clusters
cdxgen

3 442 9.4 JavaScript syft VS cdxgen

Creates CycloneDX Software Bill of Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
JaCoCo

7 4,014 8.3 Java syft VS JaCoCo

:microscope: Java Code Coverage Library
SaaSHub

www.saashub.com sponsored

SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better syft alternative or higher similarity.

Suggest an alternative to syft

syft reviews and mentions

Posts with mentions or reviews of syft. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-05-22.

An Overview of Kubernetes Security Projects at KubeCon Europe 2023
17 projects | dev.to | 22 May 2023

Syft is a popular open source CLI tool created by Anchore for generating an SBOM from container images and filesystems. It’s designed to provide a catalog of dependencies for other tools to use as a data source. It supports many popular programming languages, package managers, and container image formats.
Launch HN: EdgeBit (YC W23) – live software vulnerability analysis
3 projects | news.ycombinator.com | 1 Mar 2023

Inside of the SBOMs, we can detect a lot: https://github.com/anchore/syft#supported-ecosystems
You're right that the active/dormant detection needs to be customized per type of runtime. We cover rpm/deb, python and java with the node and others coming very soon. The compiled languages will be our main focus next. For example, Go binaries embed some dependency metadata in the binary itself.
Also related to this effort is the "in-toto" integrity chain: https://in-toto.io/in-toto/ Since we're already connecting build to run, we aim to complete the chain.
Building a software bill of materials (SBOM) using open source tools
1 project | dev.to | 1 Feb 2023

Installing syft is pretty straight forward. On any Linux/Mac environment you can run the following command to install
Free tool for generating SBOM and CVEs against source or binaries
3 projects | /r/cybersecurity | 21 Dec 2022
'cargo auditable' can now be used as a drop-in replacement for Cargo
5 projects | /r/rust | 9 Dec 2022

The data format is supported by cargo audit, Syft and Trivy. Reading it from your own tools is also very easy.
12 Things You Might Not Know About Buildpacks
8 projects | dev.to | 1 Dec 2022

A Software-Bill-of-Materials (SBOM) lists all the software components included in an image. Buildpacks support SBOMs in CycloneDX, Syft and SPDX formats.
`cargo audit` can now scan compiled binaries
6 projects | /r/rust | 2 Nov 2022

I think you can already do that using Syft.
Keeping up with dependencies like a boss
2 projects | /r/programming | 1 Nov 2022

I'll continue relying on Anitya for the feed and syft/grype to build my SBOM and track vulnerabilities.
Wake-up call: why it's urgent to deal with your hardcoded credentials
2 projects | dev.to | 30 Oct 2022

Today corporations, open source projects, nonprofit foundations, and even governments are all trying to figure out how to improve the global software supply chain security. While these efforts are more than welcome, for the moment, there is hardly any straightforward way for organizations to improve on that front.
3 ways to improve your OSS project's resilience for Hacktoberfest
1 project | dev.to | 30 Sep 2022

Syft is a popular open source tool that generates SBOMs for software applications and also containers. You can execute it manually and include the generated artifacts into your release, but you can also automate the process using a GitHub Action that will be triggered whenever you have a new release on your repository.
A note from our sponsor - SaaSHub
www.saashub.com | 25 Apr 2024

SaaSHub helps you find the best software and product alternatives Learn more →

Stats

Basic syft repo stats

Mentions

Stars

5,451

Activity

9.8

Last Commit

3 days ago

anchore/syft is an open source project licensed under Apache License 2.0 which is an OSI approved license.

The primary programming language of syft is Go.

Popular Comparisons