"A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner tool like Grype." (1)
As 'root'...
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
Other steps on this page assume /usr/local/bin is in your PATH.
For example, to generate an SBOM for Oracle SQL Developer installed in /opt/sqldeveloper...
cd /opt/sqldeveloper
syft . | more
To check for specific files...
For example, we know that log4j prior to version 2.14 has a critical vulnerability; let's see which version our copy of SQL Developer is using...
syft . | grep log4j
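A plain grep lists every log4j line but leaves the version comparison to the reader. The following is an added example, not from the original page or the Syft project, that filters Syft's table output for log4j packages below a given version. The function names, the constructed sample rows and the NAME VERSION TYPE column layout are assumptions.

```shell
#!/bin/sh
# Added example: flag log4j packages older than a minimum version in
# Syft table output. Assumes three whitespace-separated columns:
# NAME VERSION TYPE.

# flag_old_log4j MIN_VERSION
# Reads Syft table output on stdin and prints "name version" for every
# package whose name contains "log4j" and whose version is below MIN_VERSION.
flag_old_log4j() {
    awk -v min="$1" '
        # lt(a, b): 1 when dotted version a is numerically lower than b.
        # Components are compared as numbers, so 2.9.1 < 2.14 (a plain
        # string comparison would get this wrong). A suffix such as
        # "-beta9" is ignored by the numeric conversion (simplification).
        function lt(a, b,    x, y, n, m, k, i) {
            n = split(a, x, ".")
            m = split(b, y, ".")
            k = (n > m) ? n : m
            for (i = 1; i <= k; i++) {
                if (x[i] + 0 < y[i] + 0) return 1
                if (x[i] + 0 > y[i] + 0) return 0
            }
            return 0    # equal versions are not "older"
        }
        tolower($1) ~ /log4j/ && lt($2, min) { print $1, $2 }
    '
}

# Constructed sample rows in the assumed table layout (not real scan output).
sample_sbom() {
    cat <<'EOF'
NAME         VERSION  TYPE
commons-io   2.6      java-archive
log4j-api    2.13.3   java-archive
log4j-core   2.9.1    java-archive
log4j-core   2.17.1   java-archive
EOF
}

# Demonstration on the constructed sample; against a real install use:
#   cd /opt/sqldeveloper && syft . | flag_old_log4j 2.14
sample_sbom | flag_old_log4j 2.14
```

An empty result means no log4j package below the threshold was listed; it does not cover copies that Syft could not identify.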