From the course: Building Secure Software Supply Chains with Open-Source Tools
Generating SBOMs with Syft
- Imagine ordering a cake, but you don't know what is inside. Is there gluten, nuts or any other additives? Now imagine you could scan that cake and get a full list of ingredients down to the tiniest trace. That is exactly what the SBOM does for your software, and Syft is the scanner that we use in this video. Let's start by installing Syft. So in this page we can see first the Syft Git repository if you want to have more information on this scanner, which is open source. We are going to install Syft. So we can copy-paste this command that will actually fetch the GitHub repository content and add it to our /usr/local/bin folder. This way we'll be able to call Syft from anywhere in our code space. Please, once again, check that you are correctly in the code space allocated for this course. Nice. Now Syft is installed. We're going to generate an SBOM from the juice shop image that is stored in the Docker hub. Let's copy…
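The transcript stops just before the scan itself, so here is an added example (not part of the course or of the Syft project) of what you do with the "ingredient list" once Syft has written it. It assumes you ran Syft with its CycloneDX JSON output (`syft <image> -o cyclonedx-json`) and that the image name is `bkimminich/juice-shop`, which the transcript does not state; the SBOM embedded below is a constructed, trimmed sample in that shape, with made-up package versions.

```python
import json
from collections import Counter

# Real-world flow this example assumes (not run here, needs network):
#   curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh \
#       | sh -s -- -b /usr/local/bin
#   syft bkimminich/juice-shop -o cyclonedx-json > sbom.json   # image name assumed
#
# Constructed sample standing in for sbom.json: a trimmed CycloneDX JSON
# document in the shape Syft emits. All names/versions are made up.
SAMPLE_SBOM = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "express", "version": "4.17.1",
     "purl": "pkg:npm/express@4.17.1"},
    {"type": "library", "name": "lodash", "version": "4.17.15",
     "purl": "pkg:npm/lodash@4.17.15"},
    {"type": "library", "name": "libssl3", "version": "3.0.2-0ubuntu1",
     "purl": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1"},
    {"type": "library", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21"}
  ]
}"""


def load_components(sbom_text):
    """Return (name, version, ecosystem) tuples from a CycloneDX JSON document."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    out = []
    for comp in doc.get("components", []):
        purl = comp.get("purl", "")
        # A purl looks like pkg:<type>/<namespace>/<name>@<version>;
        # <type> is the package ecosystem (npm, deb, pypi, ...).
        ecosystem = purl[4:].split("/", 1)[0] if purl.startswith("pkg:") else "unknown"
        out.append((comp.get("name"), comp.get("version"), ecosystem))
    return out


def summarize(components):
    """Count components per ecosystem: the OS packages and the app's own
    dependencies both end up in one image SBOM."""
    return dict(Counter(eco for _, _, eco in components))


def duplicate_names(components):
    """Names present in more than one version. Worth noticing before you match
    the SBOM against vulnerability data, since only some versions may be affected."""
    versions = {}
    for name, version, _ in components:
        versions.setdefault(name, set()).add(version)
    return sorted(name for name, vers in versions.items() if len(vers) > 1)


if __name__ == "__main__":
    comps = load_components(SAMPLE_SBOM)
    for name, version, eco in comps:
        print(f"{eco:8} {name:12} {version}")
    print("per ecosystem:", summarize(comps))
    print("multiple versions:", duplicate_names(comps))
```

To use it on a real scan, replace `SAMPLE_SBOM` with the contents of the `sbom.json` file Syft produced; the `purl` field is what later tooling such as Grype keys on, so an SBOM whose components lack it is much less useful for vulnerability matching.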
Contents
- What is an SBOM? (2m 56s)
- Benefits of SBOMs in supply chain security (2m 21s)
- Generating SBOMs with Syft (4m 4s)
- Analyzing SBOMs for vulnerabilities using Grype (4m 49s)
- Hands-on lab: Generate and analyze an SBOM for the OWASP juice shop (1m 11s)
- Using SBOMs for compliance (2m 36s)