2-June-2022 DC CAW
Anchore will be bringing Syft and Grype.
Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
Grype is a vulnerability scanner for container images and filesystems.
In the context of the Cybersecurity Automation Workshop, Syft is a tool that creates SBOMs, so it is of interest to the SBOM community.
For the PACE community, the interest is that those SBOMs could be stored in PACE. They (or others) could then be scanned with Grype, so Grype could be considered part of a PES in PACE.