Syft Software Bill of Materials (SBOM)

Syft is a high-performance open-source CLI tool and library for generating a Software Bill of Materials (SBOM) from container images and filesystems. It was originally developed by Anchore, Inc., a company specializing in container security. The tool is designed to provide deep visibility into software components, including packages, libraries, and licenses, which is essential for vulnerability management and supply chain security.

As an open-source project, Syft is developed and maintained by a global community of contributors, though its primary roadmap and commercial backing come from Anchore, headquartered in the United States. It integrates seamlessly with other DevSecOps tools and supports various output formats such as JSON, CycloneDX, and SPDX, making it a cornerstone for modern software supply chain transparency.