Syft rules for Bazel

This project extends Bazel with toolchains for Syft (SBOM generation) and Grype (vulnerability scanning), both from Anchore.

Setup

See the WORKSPACE setup section of the current release.

Design

This ruleset was initially designed to add SBOM generation for images built with rules_oci. It now supports both Syft and Grype through the public API below.

Usage and Public API

The public API is outlined below. It is currently barebones with more features being added in the near future.

Syft

  • syft_sbom - Generate an SBOM from a provided oci_image

Grype

  • grype_report - Generate a CVE report for a syft_sbom using the grype binary, which is pulled in as a toolchain.
  • grype_test - Scans an SBOM for known vulnerabilities and fails if any are found at or above a configured severity.
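The following BUILD file shows how the three rules chain together (image, then SBOM, then report and severity-gated test). It is an added example, not code from this README or from the ruleset; the rule names are the ones listed above, but the load() labels, the repository names and every attribute name (`image`, `sbom`, `severity`, `@distroless_base`, `:app_layer`) are assumptions, so check the rule signatures in the release's docs before copying it.

```starlark
# BUILD.bazel: added example, not from the rules_syft README.
# Rule names match the README; load() labels and attribute names are ASSUMED.

load("@rules_oci//oci:defs.bzl", "oci_image")
load("@rules_syft//syft:defs.bzl", "syft_sbom")  # assumed load path
load("@rules_syft//grype:defs.bzl", "grype_report", "grype_test")  # assumed load path

# The image to be scanned. `base` and `tars` are real oci_image attributes;
# "@distroless_base" and ":app_layer" are assumed names for the base image
# repository and an application-layer tar target.
oci_image(
    name = "app_image",
    base = "@distroless_base",
    tars = [":app_layer"],
)

# 1. Generate an SBOM from the image with Syft.
#    `image` is an assumed attribute name for the oci_image input.
syft_sbom(
    name = "app_sbom",
    image = ":app_image",
)

# 2. Produce a vulnerability report for the SBOM with Grype.
#    `sbom` is an assumed attribute name.
grype_report(
    name = "app_vulns",
    sbom = ":app_sbom",
)

# 3. Gate CI on severity: the test fails when any match is at or above the
#    threshold. `severity` is an assumed attribute name; Grype's own severity
#    levels are Negligible, Low, Medium, High and Critical.
grype_test(
    name = "app_vulns_test",
    sbom = ":app_sbom",
    severity = "high",
)
```

With targets like these, `bazel build //:app_vulns` writes the report and `bazel test //:app_vulns_test` makes the build red on a High or Critical finding. One caveat a practitioner will hit: Grype matches against a vulnerability database it normally downloads on first run, so a sandboxed or offline Bazel execution needs a plan for fetching and refreshing that database, and scan results are only as current as the database that was used.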

SBOM Generation Examples