grype 是一款针对容器镜像和文件系统的漏洞扫描器
syft 是一个 CLI 工具和 Go 库,用于从容器镜像和文件系统生成软件物料清单(SBOM)
Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI//CD pipeline with automatic s...