Package: wnpp
Severity: wishlist
Owner: Juan Manuel Méndez Rey <[email protected]>

* Package name    : syft
* Version         : 1.20.0
* Upstream Author : Anchore, Inc. <[email protected]>
* URL             : https://github.com/anchore/syft
* License         : Apache-2.0
* Programming Lang: Go
* Description     : CLI tool for generating Software Bill of Materials from container images and filesystems

syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.

Features:
- Generates SBOMs for container images, filesystems, and archives
- Supports dozens of package ecosystems (Alpine, Debian, RPM, Go, Python, Java, JavaScript, Ruby, Rust, PHP, .NET, and more)
- Supports OCI, Docker, and Singularity image formats
- Multiple output formats (CycloneDX, SPDX, Syft JSON)
- Works seamlessly with Grype for vulnerability scanning
- Can create signed SBOM attestations using the in-toto specification

This package is essential for software supply chain security workflows and complements existing efforts to bring Sigstore tools (cosign, gitsign) into Debian.

