All projects · Go

Syft by anchore

Go Apache-2.0 SECURITY.md

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

containersdockergogolangstatic-analysistoolocisbomspdxcyclonedxhacktoberfest
Verdict 76/100 health $4.13/mo cheapest, hetzner 2/5 setup difficulty 9605k docker pulls Last release 6 days ago

Self-host Syft on hetzner CAX11 for $4.13/mo.

Deploy Syft on hetzner → View on GitHub
Health score
76 /100
6-dim composite
Self-hosts from
$4.13 /mo
hetzner · CAX11
Difficulty
2 /5
Docker + read README
GitHub stars
8.9k
854 forks

About Syft

From the project's README at github.com/anchore/syft. Lightly cleaned for readability; for the full source see the upstream repo.

A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype.

<img alt="Join our Discourse" src="https://img.shields.io/badge/Discourse-Join-blue?l

Health score breakdown

6-dimension composite. See methodology for formula and weights.

activity
89
maturity
100
community
83
security
85
sustainability
65
adoption
36

Adoption signals

Real-world usage data, pulled from each registry. The bigger the numbers, the more battle-tested the project.

SignalValueSource
GitHub stars 8.9k github.com/anchore/syft
GitHub forks 854 github.com/anchore/syft
Docker Hub pulls 9605k hub.docker.com / anchore

Release & maintenance

Is this project actively maintained, or about to die? Check the recency of last commit and last release.

Project age6.0 yearssince May 2020
Last commit3 days agoMay 4, 2026
Releases shipped233last: 6 days ago
Security policySECURITY.mddeclared by maintainers

Self-hosting cost across providers

Detected requirements: 4GB RAM, 40GB disk minimum. Cheapest plan per provider that meets the requirement.

ProviderPlanSpecsMonthly
hetzner CAX11 2c · 4GB · 40GB $4.13 USD Deploy →
vultr VC2 1c · 1GB · 25GB $5 USD Deploy →
linode Nanode 1GB 1c · 1GB · 25GB $5.12 USD Deploy →
digitalocean Basic Regular 1GB 1c · 1GB · 25GB $6 USD Deploy →

Security advisories

2 known advisories tracked via OSV.dev. Most recent: CVE-2026-33481.

What people say on Hacker News

Ready to self-host Syft?

Spin up a hetzner CAX11 (4GB RAM, 40GB disk) for $4.13/mo and follow the project's official install docs.

Deploy on hetzner → $4.13/mo Read install docs on GitHub

Data last refreshed May 7, 2026.

Similar open-source projects

Projects in our directory that replace the same SaaS or share topics with Syft.

fiber
⚡️ Express inspired web framework written in Go
★ 39,684 $4.13/mo
gitea
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review,
★ 55,356 $4.13/mo
traefik
The Cloud Native Application Proxy
★ 62,977 $4.13/mo
traefik
The Cloud Native Application Proxy
★ 62,977 $4.13/mo
memos
Open-source, self-hosted note-taking tool built for quick capture. Markdown-native, lightweight, and fully yours.
★ 59,362 $4.13/mo
owncast
Take control over your live stream video by running it yourself. Streaming + chat out of the box.
★ 11,221 $4.13/mo

Frequently asked questions

Last verified . Data refreshes every 30 minutes.