Syft 1.3.0 is out! This release has:

- a lot of improvements to CPE generation and ID which should result in more accurate SBOMs
- memory usage improvements (if you run Syft on small devices, let us know how it goes!)
- a few other bug fixes

github.com/anchore/syft/r…

Syft 1.2.0 is out! What's new?

- improvements to differentiate between JDK and JRE
- cataloger support for Fedora DNF packages
- better logic to extract the main version number from golang binaries

Get it: github.com/anchore/syft/r…

Syft 1.1.1 is out! There are just a couple of bug fixes in this release including a fix for a crash that may occur scanning a binary without a symtab section.

Get it here: github.com/anchore/syft/r…

T-1 day! Software Security in the real world with Kelsey Hightower and Dan Perry. We will demo:
- #vulnerabilitytesting success or failure,
- insight on security testing and
- compliance for modern environments.
Register today get.anchore.com/software-secur…

If you are a Syft and/or Grype user, definitely check out this webinar next week from Anchore and Kelsey Hightower.

Today (Thursday) at noon ET we are having our regular community meeting and office hours for Syft and Grype (and now, Grant!). Please stop by and say Hi!

Here's the agenda so far: docs.google.com/document/d/1Zt…

Hi everyone, Syft 1.1.0 is out. This version has a few new features for binary cataloging, detection for Oracle GraalVM, and the ability to retrieve remote licenses from package-lock.json. Thanks to all who contributed!

github.com/anchore/syft/r…

Are you using Syft for software license management? Check out Grant, a new open source tool to track license compliance.

Curious about the current state of the NVD (National Vulnerability Database)? Let’s talk about how Grype is going to fill this missing gap during our community call at noon today (Thursday)

Check out this blog post for background: anchore.com/blog/national-…

Hi everyone! Tomorrow (Thurs) at noon ET we are having our Syft/Grype community call and office hours. Stop by with any questions or feedback you might have. See you soon!

docs.google.com/document/d/1Zt…

In case you missed it, Syft 1.0 is out!

Big news for Syft! We have just released version 1.0. Thank you to our 134 open source contributors and all of our users who have helped us reach this milestone.

Read more about Syft, our 1.0 release, and the future: anchore.com/blog/syft-reac…

Today at noon ET we will be having our usual community call for Syft and Grype. Please join us if you have any questions or just want to chat with the team. Our agenda is here, feel free to add your own topics or just bring them to the meeting: docs.google.com/document/d/1Zt…

Syft 0.105.0 is out! New catalogers include Erlang OTP, WordPress, binary security features, and more. Lots of bug fixes, too. Check out the full details:

github.com/anchore/syft/r…

🗓️ Tomorrow at noon ET we're holding our community office hours! We're taking your topics and we will also be showing a demo of Grant, our new license analysis tool. Join us!

docs.google.com/document/d/1Zt…

Hello all! Syft 0.103.1 has been released. This version includes a fix for a security issue related to path traversal while scanning archives. This is fixed, with a couple of other bug fixes and a few API-level changes.

Please see github.com/anchore/syft/r… for more details.

Tomorrow (Thurs) at noon ET we are holding our usual Syft and Grype community meeting. Join us! Our agenda is open, and we always have time for your questions and ideas. docs.google.com/document/d/1Zt…

Did you know that Syft can detect @GoLang dependencies from a Go binary?

If you have a Docker Build Cloud is here! 🐳🧱☁️ image with a single Go binary in it, `docker sbom` will be able to list all the packages used to build the binary.

Heads up! We just released Syft 0.101.0 with a security update in the included circl library.

This release also includes several new binary catalogers, much more flexible cataloger selection for the CLI (try ‘syft cataloger list’), and a few bug fixes.

github.com/anchore/syft/r…

Tomorrow (Jan 18) we are holding our community meeting at noon Eastern. Our agenda is currently wide open in case you had a question, wanted to discuss an issue, or just chat about a topic related to Syft or Grype.

See you tomorrow at noon ET!

docs.google.com/document/d/1Zt…