In this "One Minute Security" video, we introduce some quick ways to use Syft and Grype to build an SBOM and scan containers for security vulnerabilities.
Alan demonstrates how to:
* Use Syft to get a human-readable list of packages in a container
* Build an SBOM in JSON format, which can be consumed by other tools
* Use Grype to ingest the SBOM to determine if there are any unfixed vulnerabilities in the container
* Find any critical vulnerabilities in the container
* Learn more about the vulnerability using 'grype explain'
All in one minute!
Accompanying Discourse post containing all the commands used in this video: [ Link ]
Find out more:
- Anchore Open Source: [ Link ]
- Anchore Community Discourse: [ Link ]
- Anchore Open Source GitHub repo: [ Link ]
#sbom #security #opensource