Security Tools for Modern Development

The Anchore Toolbox is a collection of open source tools for secure software development. They are easy to use, designed to integrate with modern DevOps tools and pipelines, and engineered for speed.


Generate a software bill of materials

anchore/syft


Scan for known vulnerabilities

anchore/grype

Syft through your projects

Your project contains a whole bunch of images, packages, and artifacts that were created by someone else. And hey, that's good! That's how you're able to get stuff done. But it's important to keep track of it all.

Syft analyzes your project to make a comprehensive software bill of materials (SBOM). That way you know what you're shipping.

Grype about dangerous stuff

There are a lot of known vulnerabilities out there, and information is spread across multiple public databases. Keeping track of it all is a full-time job. But you just need to know whether there's something dangerous in your backyard.

Grype quickly scans your project for known vulnerabilities, reporting what it finds. It's built for integration with DevOps tools and pipelines.


Join our Slack community to learn from project developers and help other users.


Contributions of all kinds are encouraged via GitHub Pull Request in each project.


Bugs and feature requests are welcome in the GitHub issue trackers for each project.

These projects are sponsored by Anchore, leaders in DevSecOps workflow and compliance.