sbom-syft

Description

Software Bill of Materials (SBOM) generation using Syft for container images, filesystems, and archives. Detects packages across 28+ ecosystems with multi-format output support (CycloneDX, SPDX, syft-json). Enables vulnerability assessment, license compliance, and supply chain security. Use when: (1) Generating SBOMs for container images or applications, (2) Analyzing software dependencies and packages for vulnerability scanning, (3) Tracking license compliance across dependencies, (4) Integrating SBOM generation into CI/CD for supply chain security, (5) Creating signed SBOM attestations for software provenance.

Tool Access

Full access

Inherits all available tools

Supporting Files

4 files

Additional assets for this skill

Tool Access

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Supporting Assets

assets/ci-config-template.yml

assets/rule-template.yaml

references/EXAMPLE.md

references/WORKFLOW_CHECKLIST.md

Links

GitHub Stats

0 forks

Updated 22 days ago

Related Skills

bash-defensive-patterns

22.8K

Master defensive Bash programming techniques for production-grade scripts. Use when writing robust shell scripts, CI/CD pipelines, or system utilities requiring fault tolerance and safety.

From shell-scripting

bats-testing-patterns

22.8K

Master Bash Automated Testing System (Bats) for comprehensive shell script testing. Use when writing tests for shell scripts, CI/CD pipelines, or requiring test-driven development of shell utilities.

From shell-scripting

shellcheck-configuration

22.8K

Master ShellCheck static analysis configuration and usage for shell script quality. Use when setting up linting infrastructure, fixing code issues, or ensuring script portability.

From shell-scripting