SBOM related question #829
Unanswered
harshitasao asked this question in Q&A
Replies: 3 comments 4 replies
-
We already use grype (which is the sibling project of syft) for finding vulnerabilities. See this comment
-
Just want to share my thought here: if we use the SBOM generated using syft and then use the SBOM as input to grype, grype will look for vulnerabilities and give out the report. The whole process takes under a second, whereas if you use just grype without an SBOM it will take around 10 to 15 seconds to do the same task.
-
Hey @dwertent @slashben, I was working on issue #668 and needed to generate the SBOM, so I did some research on Google and found some tools like syft and bom that could help. Please correct me if I'm not going in the right direction.