Anchore Open
Source Tools.

Developer-friendly scanning tools for
container image security.

Syft

A CLI tool for generating a Software Bill of Materials (SBOM) from container images and filesystems.

Grype

An easy-to-integrate open source vulnerability scanning tool for container images and filesystems.

Tools you need. Simplicity you’ll love.

Don’t take our word for it, hear what the community is saying about our open source tools.

Open Source tools for container security.

Generate a comprehensive Software Bill of Materials (SBOM) with a CLI tool.
Gain visibility down to the file level.
Automatically generate SBOMs in your CI/CD pipeline.
Uncover direct and transitive dependencies.
Output SBOMs in JSON, SPDX, and CycloneDX formats.
Quickly generate a list of known vulnerabilities from an SBOM, container image, or project directory.
Scan OS and language-specific packages.
View optimized results across vulnerability sources.
Automate scans in your CI/CD pipeline.
Combine with Syft for faster scans.

Get up and running
in minutes.

Tutorials and documentation for easy implementation.
Tutorials and documentation for easy implementation.

Open source foundation, enterprise-ready.

Anchore Enterprise builds on open source Syft and Grype to deliver a continuous compliance and security solution built for the needs of enterprises and government agencies. Secure development pipelines across multiple teams and toolchains. Provide security teams with the visibility and policy controls they need to ensure compliance.

GitHub

Get the source code and contribute to the project.

Slack

Join our Slack channel and chat with community members.

Twitter

Follow us on Twitter to stay current with the latest Anchore developments.

Demo

See how Anchore can help secure your software supply chain.