{"id":15019992,"url":"https://github.com/docker/buildkit-syft-scanner","last_synced_at":"2026-04-09T10:06:54.717Z","repository":{"id":65150586,"uuid":"567815042","full_name":"docker/buildkit-syft-scanner","owner":"docker","description":"BuildKit Syft scanner","archived":false,"fork":false,"pushed_at":"2025-01-23T05:46:54.000Z","size":60074,"stargazers_count":29,"open_issues_count":2,"forks_count":10,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-03-29T03:06:05.651Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/docker/buildkit-syft-scanner/tags","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/docker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-18T16:37:33.000Z","updated_at":"2025-02-26T11:19:19.000Z","dependencies_parsed_at":"2023-11-06T12:43:33.914Z","dependency_job_id":"7b485782-d8de-4ff8-b08a-e6824c525ca5","html_url":"https://github.com/docker/buildkit-syft-scanner","commit_stats":{"total_commits":110,"total_committers":4,"mean_commits":27.5,"dds":0.5272727272727273,"last_synced_commit":"f22f9866c24554ba087f5798d03a41c39f3e5f7b"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fbuildkit-syft-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fbuildkit-syft-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fbuildkit-syft-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/docker%2Fbuildkit-syft-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/docker","download_url":"https://codeload.github.com/docker/buildkit-syft-scanner/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247284949,"owners_count":20913704,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-24T19:54:26.317Z","updated_at":"2026-04-09T10:06:54.686Z","avatar_url":"https://github.com/docker.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BuildKit Syft scanner\n\nThis repo packages the [Syft scanner](https://github.com/anchore/syft) as a\n[BuildKit SBOM generator](https://github.com/moby/buildkit/blob/master/docs/attestations/sbom.md)\nto include scan results with the output of Docker builds.\n\nThe [docker/buildkit-syft-scanner](https://hub.docker.com/r/docker/buildkit-syft-scanner)\nimage implements the BuildKit SBOM scanner protocol defined\n[here](https://github.com/moby/buildkit/blob/master/docs/attestations/sbom-protocol.md).\n\n## Usage\n\nTo scan an image during build with [buildctl](https://github.com/moby/buildkit):\n\n    $ buildctl build ... \\\n        --output type=image,name=\u003cimage\u003e,push=true \\\n        --opt attest:sbom=generator=docker/buildkit-syft-scanner\n\n## Development\n\n`buildkit-syft-scanner` uses bake to build the project.\n\nTo setup a development environment by cloning the git repository:\n\n    $ git clone https://github.com/docker/buildkit-syft-scanner.git\n    $ cd buildkit-syft-scanner\n\nIt's recommended to setup an ephemeral local registry to push the development\nimage to:\n\n    $ docker run -d -p 5000:5000 --rm --name registry registry:2\n\nTo build the development image, and push it to `localhost:5000/buildkit-syft-scanner:dev`:\n\n    $ make dev IMAGE=localhost:5000/buildkit-syft-scanner:dev \n\nTo test the development image:\n\n    $ make examples IMAGE=localhost:5000/buildkit-syft-scanner:dev \n\nTo scan an image during build with [buildctl](https://github.com/moby/buildkit)\nusing the development image:\n\n    $ buildctl build ... \\\n        --output type=image,name=\u003cimage\u003e,push=true \\\n        --opt attest:sbom=generator=localhost:5000/buildkit-syft-scanner:dev\n\n## Contributing\n\nWant to contribute? Awesome!\n\n`buildkit-syft-scanner` is mostly glue between [BuildKit](https://github.com/moby/buildkit)\nand [Syft](https://github.com/anchore/syft), so contributions will mostly\nlikely belong in one of those projects. This project is intended to be as thin\na compatibility layer as possible, so we have a strong preference for as little\ncode here as possible.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdocker%2Fbuildkit-syft-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdocker%2Fbuildkit-syft-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdocker%2Fbuildkit-syft-scanner/lists"}