Safeguard
Tag

syft

Safeguard articles tagged "syft" — guides, analysis, and best practices for software supply chain and application security.

10 articles

SBOM

SBOM standards and formats compared (SPDX vs CycloneDX vs...

SPDX, CycloneDX, and Syft JSON aren't interchangeable. A concrete breakdown of what each format is for, where Anchore's Syft defaults, and how Safeguard handles both.

Mar 30, 20268 min read
SBOM

How to generate an SBOM with free open source tools

Free tools like Syft and Trivy can generate an SBOM in minutes. Here's exactly how, where open source tooling stops scaling, and how Safeguard fills the gap.

Mar 29, 20267 min read
Tools

How Syft scans software to generate SBOMs (under-the-hood...

A deep look at Syft's under-the-hood scanning mechanics — catalogers, binary classifiers, layer squashing, and SBOM formats — and where the single-scan model breaks down at fleet scale.

Mar 28, 20267 min read
SBOM

SBOM Generation: Syft, Tern, Trivy Compared (2026)

An engineer's side-by-side of Syft, Tern, and Trivy for SBOM generation in 2026, with honest notes on accuracy, performance, and where each tool actually fits.

Mar 4, 20267 min read
SBOM

How to set up SBOM generation in a CI pipeline

Learn how to build an SBOM generation CI pipeline with Syft and GitHub Actions, covering scanning, signing, storage, and verification for supply chain visibility.

Feb 21, 20268 min read
Tools

Best SBOM Generators Ranked by Accuracy 2026

Syft, Trivy, cdxgen, and Microsoft sbom-tool measured against known dependency ground truth across four ecosystems. The accuracy spread is wider than you think.

Feb 9, 20266 min read
Tools

Syft v1.20 Release: Faster Scans, Smarter License Detection

Anchore's Syft v1.20 ships a refactored license cataloger, Bitnami SBOM passthrough, and a 2x speedup on filesystem scans. We tested the upgrade on five real codebases.

Sep 18, 20255 min read
Guides

How to Generate an SBOM in a GitLab CI Pipeline

A working .gitlab-ci.yml for SBOM generation with Syft: CycloneDX report artifacts, a Grype scan stage, and Cosign attestations pushed next to the image.

Mar 3, 20245 min read
Tool Reviews

Anchore Syft: The Go-To Open Source SBOM Generator

A thorough review of Anchore's Syft SBOM generation tool, covering supported formats, language ecosystems, container scanning, and integration patterns.

Jun 8, 20236 min read
SBOM

Generating SBOMs with Syft: The Complete Guide

Syft is the most popular open-source SBOM generator. Here's how to use it effectively for containers, directories, archives, and CI/CD pipelines.

Apr 8, 20226 min read
syft — Safeguard Blog