CORE FUNCTION

Automates the generation of Software Bill of Materials (SBOM) for containers and filesystems within GitHub Actions workflows using the Syft tool.

TRACTION

stars

228

0.0 velocity

forks

0.0 velocity

REASONING

This project is a wrapper for Anchore's Syft tool. While Syft itself is a high-quality scanner, this repository is a CI/CD integration. It faces competition from GitHub's native dependency graph and export features, but maintains a niche for users requiring deep container inspection and specific industry-standard formats (SPDX, CyclonDX) not fully supported by basic platform tools.

COMPOSABILITY

TECH STACK

GitHub ActionsGoSyftDockerYAML

INTEGRATION

cli_tool

sbom_generationsupply_chain_securityartifact_inventoryvulnerability_management

READINESS

Composabilitycomponent

Depthproduction

Noveltyreimplementation