sbom

  syft 是一个 CLI 工具和 Go 库，用于从容器镜像和文件系统生成软件物料清单（SBOM）

  The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.

  Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI//CD pipeline with automatic s...