Syft rules for Bazel
This project extends Bazel with toolchains for the Syft and Grype tools from Anchore.
See the WORKSPACE setup section of the current release.
This ruleset was initially designed to add SBOM generation for rules_oci images. It now supports both Syft and Grype through the public API below.
The public API is outlined below. It is currently bare-bones, with more features being added in the near future.
- syft_sbom - Generate an SBOM from a provided oci_image
- grype_report - Generate a CVE report for a syft_sbom using the grype binary, which is pulled in as a toolchain.
- grype_test - Scan an SBOM for known vulnerabilities and fail if any finding exceeds a configured severity threshold.
- Multiarch SBOM generation - Generate SBOMs for multiarch images, then combine them into an image index.
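As an added illustration of the severity gate that grype_test applies (example code written for this page, not part of the ruleset), the following Python reads a Grype JSON report and fails when any match meets or exceeds a threshold. The severity ranking and the field names `matches[].vulnerability.severity` / `matches[].artifact` follow Grype's JSON output as assumed here; the report and its IDs are constructed placeholders.

```python
import json

# Grype severity levels from lowest to highest. The ordering is an assumption
# mirroring grype's --fail-on levels; "Unknown" ranks lowest so that an
# unrated finding never trips the gate on its own.
SEVERITY_ORDER = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical"]


def severity_rank(name):
    """Map a severity string (any case) to a comparable integer; unknown -> 0."""
    normalized = name.strip().capitalize() if name else "Unknown"
    return SEVERITY_ORDER.index(normalized) if normalized in SEVERITY_ORDER else 0


def findings_at_or_above(report_json, threshold):
    """Return (package, version, vuln id, severity) tuples from a Grype JSON
    report string whose severity meets or exceeds `threshold`."""
    limit = severity_rank(threshold)
    hits = []
    for match in json.loads(report_json).get("matches", []):
        vuln = match.get("vulnerability", {})
        artifact = match.get("artifact", {})
        severity = vuln.get("severity", "Unknown")
        if severity_rank(severity) >= limit:
            hits.append((artifact.get("name"), artifact.get("version"),
                         vuln.get("id"), severity))
    return hits


def grype_gate(report_json, fail_on="High"):
    """Emulate grype_test: True (pass) when no finding reaches `fail_on`."""
    return len(findings_at_or_above(report_json, fail_on)) == 0


# Constructed sample report; the vulnerability IDs are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "Medium"},
     "artifact": {"name": "libexample", "version": "1.0.0"}},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "Critical"},
     "artifact": {"name": "demo-server", "version": "2.3.1"}},
    {"vulnerability": {"id": "GHSA-0000-0000-0003", "severity": "low"},
     "artifact": {"name": "tinylib", "version": "0.9"}},
]})

if __name__ == "__main__":
    for pkg, version, vuln_id, severity in findings_at_or_above(SAMPLE_REPORT, "High"):
        print(f"{pkg}@{version}: {vuln_id} ({severity})")
    print("gate passed" if grype_gate(SAMPLE_REPORT, "High") else "gate FAILED")
```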