syft
Description:
CLI for generating a Software Bill of Materials from container images
Type: Formula  |  Latest Version: 1.39.0@0  |  Tracked Since: Nov 17, 2025
Links: Homepage  |  @anchore  |  formulae.brew.sh
Category: Security
Tags: security sbom containers devsecops compliance
Install: brew install syft
About:
Syft is a command-line tool that analyzes container images and filesystems to generate a detailed Software Bill of Materials (SBOM). It identifies packages, libraries, and dependencies, outputting in multiple standard formats like SPDX and CycloneDX. Its main value is providing deep visibility into software composition for security and compliance workflows.
Key Features:
  • Generates SBOMs from container images and filesystems
  • Supports multiple output formats (SPDX, CycloneDX, JSON)
  • Identifies packages across many ecosystems (APK, DEB, RPM, npm, etc.)
  • Integrates with Grype for vulnerability scanning
  • CLI-first design for automation and CI/CD pipelines
Use Cases:
  • Software supply chain security and vulnerability management
  • Open source license compliance and audit
  • Container image analysis in CI/CD pipelines
Alternatives:
  • trivy – Trivy is a broader security scanner that includes vulnerability detection, while Syft focuses specifically on comprehensive SBOM generation.
  • docker scout – Docker Scout provides SBOM and vulnerability analysis integrated into Docker's ecosystem, whereas Syft is a standalone, vendor-neutral tool.
Version History
Detected  |  Version  |  Rev  |  Change  |  Commit
Dec 27, 2025 6:37pm  |  1.39.0  |  0  |  VERSION_BUMP  |  4761e43b
Dec 22, 2025 11:32pm  |  1.38.2  |  0  |  VERSION_BUMP  |  7ef100ed
Nov 17, 2025 8:29pm  |    |  0  |  VERSION_BUMP  |  5ab98ccf
Nov 3, 2025 8:34pm  |    |  0  |  VERSION_BUMP  |  08839cff
Oct 15, 2025 10:23pm  |    |  0  |  VERSION_BUMP  |  da12994a
Sep 16, 2025 2:06am  |    |  0  |  VERSION_BUMP  |  ae170553
Oct 28, 2024 9:53pm  |    |  0  |  VERSION_BUMP  |  2c0e9388