Generating a Docker SBOM with Syft

Syft can be installed with:

curl -sSfL https://get.anchore.io/syft | sudo sh -s -- -b /usr/local/bin

You can find the full installation methods documentation here.

You can then generate a cyclonedx-json SBOM for a Docker image named myimage with:

syft myimage -o cyclonedx-json > bom.json

You can then feed it to the CVEScan scan-inventory subcommand:

cvescan scan-inventory --inventory bom.json

The produced report can be explored locally and/or uploaded to the CVEScan WebUI.
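
A pre-flight check on bom.json before the scan-inventory step above, as an added example that is not part of Syft or CVEScan: an empty or truncated SBOM would otherwise produce a report that looks clean. The function name check_bom and the sample data are constructed for illustration, and the rule that a component needs both a purl and a version to be matched is an assumption about the scanner.

```python
import json
import sys
from collections import Counter

# Constructed sample in the CycloneDX JSON shape (not real Syft output).
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.2",
         "purl": "pkg:deb/ubuntu/openssl@3.0.2"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "vendored-lib"},   # no version, no purl
        {"type": "operating-system", "name": "ubuntu", "version": "22.04"},
    ],
})


def check_bom(text):
    """Return (problems, stats) for a CycloneDX JSON document given as a string."""
    problems, stats = [], {"by_type": Counter(), "by_ecosystem": Counter(), "unmatchable": []}
    try:
        bom = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"], stats
    if not isinstance(bom, dict) or bom.get("bomFormat") != "CycloneDX":
        return ["bomFormat is not 'CycloneDX'"], stats
    components = bom.get("components") or []
    if not components:
        problems.append("no components: a scan of this file would report nothing")
    for comp in components:
        ctype = comp.get("type", "unknown")
        stats["by_type"][ctype] += 1
        purl = comp.get("purl", "")
        if purl.startswith("pkg:"):
            stats["by_ecosystem"][purl[4:].split("/", 1)[0]] += 1
        # Assumption: a scanner needs both purl and version to match a package.
        if ctype != "operating-system" and not (purl and comp.get("version")):
            stats["unmatchable"].append(comp.get("name", "?"))
    if stats["unmatchable"]:
        problems.append(f"{len(stats['unmatchable'])} component(s) lack purl or version")
    return problems, stats


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BOM
    problems, stats = check_bom(text)
    print(dict(stats["by_type"]), dict(stats["by_ecosystem"]))
    sys.exit("\n".join(problems) or None)  # non-zero exit, problems on stderr
```

Run it with bom.json as its only argument; with no argument it checks the embedded sample.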