syft syft Go CLI tool that generates Software Bill of Materials (SBOM) from container images and filesystems. container-runtime security scanner sbom