SBOM container tools comparison #9423
jakub-bochenski
started this conversation in Adopters
Replies: 0 comments
I put together a comparison of container scanning tools: https://github.com/jakub-bochenski/container-sbom-shootout
I'm looking for feedback — if you have ideas on improving the comparison or know how any of the tools could be configured for better results, I’d love to hear your thoughts!
Trivy does quite well in identifying components, but license detection seems lacking for Java and Go.
The comparison uses some popular public images; using specially crafted images with controlled contents would be better, but I didn’t find time for it.