Syft is a software bill of materials generator, container image scanner, and software dependency catalog. It analyzes container images and filesystems to produce comprehensive inventories of installed packages and dependencies in standard formats. Additionally, it serves as a software attestation tool and an SBOM format converter. The project distinguishes itself through the ability to create cryptographically signed attestations for software inventories to ensure provenance and integrity. It also provides the capability to transform software bills of materials between different industry sche
Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
Pin and update Docker image digests in Dockerfiles and compose files
Grype is a command-line security scanner designed to identify known vulnerabilities within container images, filesystems, and software manifests. It functions as a software composition analysis tool that detects security flaws in application components and open-source libraries to support supply chain security. The tool distinguishes itself by reconstructing the final state of container images through layered filesystem inspection and normalizing diverse package formats into a unified dependency graph. It maintains a local cache of security advisories synchronized from multiple upstream sourc
Docker Scout CLI
الميزات الرئيسية لـ docker/scout-cli هي: Image Scanning and SBOM.
تشمل البدائل مفتوحة المصدر لـ docker/scout-cli: anchore/grype — Grype is a command-line security scanner designed to identify known vulnerabilities within container images,… anchore/syft — Syft is a software bill of materials generator, container image scanner, and software dependency catalog. It analyzes… aquasecurity/trivy — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container… deadnews/pindock — Pin and update Docker image digests in Dockerfiles and compose files. in-toto/in-toto — in-toto is a framework to protect supply chain integrity. in-toto/witness — Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies…