SBOM Generation

Learn how to create a Software Bill of Materials (SBOM) for container images, filesystems, and archives using Syft.

Getting Started

Use Syft to generate your first SBOM from container images, directories, or archives.

Supported Scan Targets

Explore the different scan targets Syft supports, including container images, OCI registries, directories, files, and archives.

Output Formats

Choose from multiple SBOM output formats including SPDX, CycloneDX, and Syft’s native JSON format.

Working with JSON

Learn how to work with Syft’s native JSON format including querying with jq, extracting metadata, and understanding the SBOM structure.

Package Catalogers

Configure which package catalogers Syft uses to discover software components including language-specific and file-based catalogers.

File Selection

Control which files and directories Syft includes or excludes when generating SBOMs.

Using Templates

Create custom SBOM output formats using Go templates with available data fields to build tailored reports for specific tooling or compliance requirements.

Format Conversion

Convert existing SBOMs between different formats including SPDX and CycloneDX using Syft’s experimental conversion capabilities.

Attestation

Generate cryptographically signed SBOM attestations using in-toto and Sigstore to create, verify, and attach attestations to container images for supply chain security.

Last modified November 26, 2025: allow local too invocation (d20d613)