Repositories list

• syft

  Public
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems

  godockergolang+ 8toolcontainersstatic-analysisocispdxhacktoberfestsbom+ 1

  Go

  •

  Apache License 2.0

  •751•8.2k•464•45•Updated Jan 10, 2026Jan 10, 2026

• grant

  Public
  A license scanner for container images and filesystems.

  golangstatic-analysiscompliance+ 2licensesbom

  Go

  •

  Apache License 2.0

  •12•130•24•2•Updated Jan 10, 2026Jan 10, 2026

• workflows

  Public
  reusable workflows to be used for the oss projects

  Python

  •

  Apache License 2.0

  •0•2•0•3•Updated Jan 10, 2026Jan 10, 2026

• grype

  Public

  anchore/grype’s past year of commit activity
  A vulnerability scanner for container images and filesystems

  godockergolang+ 12securitytoolcontainersstatic-analysisocivulnerabilityvex+ 5

  Go

  •

  Apache License 2.0

  •725•11k•322•33•Updated Jan 10, 2026Jan 10, 2026

• grype-db

  Public

  anchore/grype-db’s past year of commit activity
  sqlitevulnerabilityhacktoberfest+ 1grype

  Go

  •

  Apache License 2.0

  •30•58•13•14•Updated Jan 10, 2026Jan 10, 2026

• oss-docs

  Public

  anchore/oss-docs’s past year of commit activity
  Anchore OSS Documentation

  Python

  •

  Apache License 2.0

  •2•4•5•1•Updated Jan 10, 2026Jan 10, 2026

• .github

  Public
  Anchore, Inc

  github-profilegithub-profile-readme

  0•1•0•0•Updated Jan 10, 2026Jan 10, 2026

• security-identifiers

  Public

  anchore/security-identifiers’s past year of commit activity
  Contains the Anchore-allocated security identifiers and the relationships to upstream security data source identifiers

  Creative Commons Zero v1.0 Universal

  •0•1•0•0•Updated Jan 9, 2026Jan 9, 2026

• vunnel

  Public

  anchore/vunnel’s past year of commit activity
  Tool for collecting vulnerability data from various sources (used to build the grype database)

  datavulnerabilityhacktoberfest+ 1grype

  Python

  •

  Apache License 2.0

  •47•109•38•15•Updated Jan 9, 2026Jan 9, 2026

• ecs-inventory

  Public
  Anchore ECS Inventory can poll ECS Cluster API(s) to tell Anchore Enterprise which Containers and Images are currently in-use

  Go

  •

  Apache License 2.0

  •5•7•0•4•Updated Jan 9, 2026Jan 9, 2026

• clio

  Public
  An easy way to bootstrap your application with batteries included.

  gocligolang+ 6loggerviperevent-bushacktoberfestcobrabubbletea

  Go

  •

  Apache License 2.0

  •6•14•2•11•Updated Jan 9, 2026Jan 9, 2026

• anchore-charts

  Public
  Helm charts for Anchore tools and services

  kubernetessecurityhelm+ 2helm-chartssecurity-vulnerability-assessment

  Python

  •

  Apache License 2.0

  •73•53•6•7•Updated Jan 9, 2026Jan 9, 2026

• security-cli

  Public
  Tool for performing various Anchore security data curation tasks

  Python

  •

  Apache License 2.0

  •0•0•0•0•Updated Jan 9, 2026Jan 9, 2026

• stereoscope

  Public
  go library for processing container images and simulating a squash filesystem

  gogolangcontainer+ 3hacktoberfestsquashfscontainer-image

  Go

  •

  Apache License 2.0

  •53•101•20•7•Updated Jan 9, 2026Jan 9, 2026

• nvd-data-overrides

  Public
  Python

  •

  Creative Commons Zero v1.0 Universal

  •6•48•1•2•Updated Jan 9, 2026Jan 9, 2026

• scan-action

  Public
  Anchore container analysis and scan provided as a GitHub Action

  workflowactionsvulnerabilities+ 3policy-evaluationanchore-enginegithub-actions

  JavaScript

  •

  MIT License

  •84•264•20•3•Updated Jan 9, 2026Jan 9, 2026

• go-make

  Public
  Go

  •

  Apache License 2.0

  •1•0•0•9•Updated Jan 9, 2026Jan 9, 2026

• chronicle

  Public
  a fast changelog generator sourced from PRs and Issues

  githubgolangchangelog+ 2hacktoberfestchangelog-generator

  Go

  •

  Apache License 2.0

  •4•61•14•17•Updated Jan 8, 2026Jan 8, 2026

• vulnerability-match-labels

  Public
  Labeled vulnerability-package match pairs used as ground truth to evaluate vulnerability scanners

  labelsdatasetvulnerabilities+ 1hacktoberfest

  Python

  •

  Creative Commons Zero v1.0 Universal

  •9•14•4•3•Updated Jan 8, 2026Jan 8, 2026

• binny

  Public
  Manage a directory of binaries without a package manager

  package-managerbinaryhacktoberfest+ 2github-releasego-installer

  Go

  •

  Apache License 2.0

  •4•47•9•1•Updated Jan 8, 2026Jan 8, 2026

• homebrew-grype

  Public
  homebrew tap for grype

  Ruby

  •

  Apache License 2.0

  •2•0•0•1•Updated Jan 8, 2026Jan 8, 2026

• test-images

  Public
  Container automation for testing and validation

  Dockerfile

  •2•3•0•1•Updated Jan 8, 2026Jan 8, 2026

• sbom-action

  Public
  GitHub Action for creating software bill of materials using Syft.

  TypeScript

  •

  Apache License 2.0

  •34•216•13•2•Updated Jan 8, 2026Jan 8, 2026

• homebrew-grant

  Public
  Ruby

  •

  Apache License 2.0

  •1•1•1•1•Updated Jan 8, 2026Jan 8, 2026

• homebrew-syft

  Public
  homebrew tap for syft

  Ruby

  •

  Apache License 2.0

  •0•2•1•1•Updated Jan 8, 2026Jan 8, 2026

• cve-data-enrichment

  Public
  Shell

  •

  Creative Commons Zero v1.0 Universal

  •9•16•1•0•Updated Jan 8, 2026Jan 8, 2026

• vulnerability-index-spec-files

  Public
  Controls the rendering of specific vulnerability data records

  Creative Commons Zero v1.0 Universal

  •0•0•0•0•Updated Jan 8, 2026Jan 8, 2026

• vulnerability-data-tools

  Public
  Python

  •

  Apache License 2.0

  •4•15•3•2•Updated Jan 8, 2026Jan 8, 2026

• yardstick

  Public
  Compare vulnerability scanners results (to make them better!)

  vulnerabilityhacktoberfestvulnerability-scanners+ 1grype

  Python

  •

  Apache License 2.0

  •7•26•6•10•Updated Jan 7, 2026Jan 7, 2026

• fangs

  Public
  Go

  •

  Apache License 2.0

  •2•17•2•6•Updated Jan 5, 2026Jan 5, 2026