Published: Mar 29, 2022
Trial. Worth pursuing. It is important to understand how to build up this capability. Enterprises should try this technology on a project that can handle the risk.

One of the key elements of improving "supply chain security" is using a Software Bill of Materials (SBOM), which is why publishing an SBOM along with the software artifact is increasingly important. Syft is a CLI tool and Go library for generating an SBOM from container images and file systems. It can generate the SBOM output in multiple formats, including JSON, CycloneDX and SPDX. The SBOM output of Syft can be used by Grype for vulnerability scanning. One way to publish the generated SBOM along with the image is to add it as an attestation using Cosign. This allows consumers of the image to verify the SBOM and to use it for further analysis.
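The consumer side of the workflow described above, as an added example rather than code from the Syft, Grype or Cosign projects: once `cosign verify-attestation` has checked the signature, the consumer still has to confirm that the attestation's subject is the image digest actually pulled, and then normalise the SBOM so downstream tooling sees one component list whether Syft emitted SPDX JSON or CycloneDX JSON. The in-toto statement layout and predicate type URIs are the ones Cosign uses for its `--type spdxjson` and `--type cyclonedx` attestations; the two SBOM documents, the image name and the digest are constructed samples trimmed to the fields the code reads.

```python
"""Consumer-side handling of a Syft SBOM published as a Cosign attestation.

Added example, not Syft/Grype/Cosign project code. Assumes the DSSE envelope
signature was already verified with `cosign verify-attestation`; this covers
what remains: subject-digest check and format normalisation.
"""
import base64
import json

IN_TOTO_STATEMENT = "https://in-toto.io/Statement/v0.1"
# Predicate types Cosign attaches for --type spdxjson / --type cyclonedx.
PREDICATE_TYPES = {
    "https://spdx.dev/Document": "spdx",
    "https://cyclonedx.org/bom": "cyclonedx",
}


def components_from_spdx(doc):
    """SPDX 2.x JSON: packages[] with versionInfo and a purl external ref."""
    out = []
    for pkg in doc.get("packages", []):
        purl = next((r["referenceLocator"] for r in pkg.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), None)
        out.append((pkg["name"], pkg.get("versionInfo"), purl))
    return out


def components_from_cyclonedx(doc):
    """CycloneDX 1.x JSON: components[] carry name, version and purl directly."""
    return [(c["name"], c.get("version"), c.get("purl"))
            for c in doc.get("components", [])]


def normalise_sbom(doc):
    """Dispatch on the document's own format marker, not on a filename."""
    if doc.get("bomFormat") == "CycloneDX":
        return components_from_cyclonedx(doc)
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return components_from_spdx(doc)
    raise ValueError("unrecognised SBOM format")


def sbom_from_attestation(payload_b64, expected_digest):
    """Decode a DSSE payload (base64 in-toto Statement) and return the
    normalised components, refusing statements about a different image."""
    stmt = json.loads(base64.b64decode(payload_b64))
    if stmt.get("_type") != IN_TOTO_STATEMENT:
        raise ValueError("not an in-toto statement")
    if stmt.get("predicateType") not in PREDICATE_TYPES:
        raise ValueError(f"unexpected predicateType {stmt.get('predicateType')}")
    digests = {s.get("digest", {}).get("sha256") for s in stmt.get("subject", [])}
    if expected_digest not in digests:
        raise ValueError("attestation subject does not match pulled image digest")
    return normalise_sbom(stmt["predicate"])


# Constructed sample in the shape of `syft -o cyclonedx-json`, trimmed.
SAMPLE_CYCLONEDX = {
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1n",
         "purl": "pkg:deb/debian/openssl@1.1.1n?arch=amd64"},
        {"type": "library", "name": "requests", "version": "2.27.1",
         "purl": "pkg:pypi/requests@2.27.1"},
    ],
}

# Constructed sample: the same two packages in the shape of `syft -o spdx-json`.
SAMPLE_SPDX = {
    "spdxVersion": "SPDX-2.2", "SPDXID": "SPDXRef-DOCUMENT", "name": "example-image",
    "packages": [
        {"name": "openssl", "SPDXID": "SPDXRef-Package-deb-openssl", "versionInfo": "1.1.1n",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:deb/debian/openssl@1.1.1n?arch=amd64"}]},
        {"name": "requests", "SPDXID": "SPDXRef-Package-python-requests", "versionInfo": "2.27.1",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/requests@2.27.1"}]},
    ],
}

# Constructed placeholder standing in for the pulled image's sha256 digest.
IMAGE_DIGEST = "ab" * 32


def make_statement_payload(sbom, digest, predicate_type):
    """Build the base64 payload `cosign attest` would wrap and sign
    (constructed locally so the example runs offline)."""
    stmt = {"_type": IN_TOTO_STATEMENT, "predicateType": predicate_type,
            "subject": [{"name": "registry.example/app", "digest": {"sha256": digest}}],
            "predicate": sbom}
    return base64.b64encode(json.dumps(stmt).encode()).decode()


def demo():
    payload = make_statement_payload(SAMPLE_SPDX, IMAGE_DIGEST, "https://spdx.dev/Document")
    return sbom_from_attestation(payload, IMAGE_DIGEST)


if __name__ == "__main__":
    for name, version, purl in demo():
        print(f"{name:10} {version:10} {purl}")
```

The digest check is the part most often skipped: a signed SBOM is only useful as evidence if its subject is the exact image digest that was deployed, so the comparison is made against the digest from the pull, not against a tag. Normalising to `(name, version, purl)` tuples keeps the purl, which is what Grype and similar scanners key on.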
