Security Tools for Modern Development

The Anchore Toolbox is a collection of open source tools for secure software development. They are easy to use, designed to integrate with modern DevOps tools and pipelines, and engineered for speed.

Syft

Generate a software bill of materials

/ anchore / syft

Grype

Scan for known vulnerabilities

/ anchore / grype

Syft through your projects

Your project contains a whole bunch of images, packages, and artifacts that were created by someone else. And hey, that's good! That's how you're able to get stuff done. But it's important to keep track of it all.

Syft analyzes your project to make a comprehensive software bill of materials (SBOM). That way you know what you're shipping.

Grype about dangerous stuff

There are a lot of known vulnerabilities out there, and information is spread across multiple public databases. Keeping track of it all is a full time job. But you just need to know whether there's something dangerous in your back yard.

Grype quickly scans your project for known vulnerabilities, reporting what it finds. It's built for integration with DevOps tools and pipelines.

Discuss

Join our Slack community to learn from project developers and help other users.

Contribute

Contributions of all kinds are encouraged via GitHub Pull Request in each project.

Report

Bugs and feature requests are welcome in the GitHub issue trackers for each project.

These projects are sponsored by Anchore, leaders in DevSecOps workflow and compliance.