Description
Software bills of materials can be generated for container images through a Docker CLI plugin backed by Syft. It helps teams understand which packages and libraries are present inside an image.
An SBOM is an inventory aid, not a full vulnerability review. Keep generated reports with the matching image version and protect them when they reveal internal software details.
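One way to keep each report tied to the exact image it describes and readable only by its owner, as an added example that is not part of the original page or the plugin's own code. The `SBOM_DIR` location, the file naming scheme, the function names and the choice of `spdx-json` output are assumptions.

```shell
#!/bin/sh
# Added example: store a `docker sbom` report next to the image identity it
# was generated from, with owner-only permissions.
# Assumption: reports live under SBOM_DIR (hypothetical location).
SBOM_DIR="${SBOM_DIR:-./sbom-reports}"

# Build the report path from the image reference and its content ID, so a
# report for one build is never mistaken for another build of the same tag.
sbom_path() {
    ref="$1"
    id="$2"
    # Replace characters that are awkward in file names.
    safe_ref=$(printf '%s' "$ref" | tr '/:@' '___')
    # Short form of the image ID, without the "sha256:" prefix.
    short_id=$(printf '%s' "${id#sha256:}" | cut -c1-12)
    printf '%s/%s.%s.spdx.json\n' "$SBOM_DIR" "$safe_ref" "$short_id"
}

# Generate the SBOM for a local image and print where it was written.
# The body runs in a subshell so the umask change does not leak to the caller.
write_sbom() (
    ref="$1"
    # Resolve the tag to the immutable image ID before generating anything.
    id=$(docker image inspect --format '{{.Id}}' "$ref") || exit 1
    out=$(sbom_path "$ref" "$id")
    umask 077                      # new directory and file are owner-only
    mkdir -p "$SBOM_DIR" || exit 1
    docker sbom --format spdx-json --output "$out" "$ref" || exit 1
    chmod 600 "$out"               # enforce even if the file already existed
    printf '%s\n' "$out"
)

# Run only when an image reference is given on the command line.
if [ "$#" -gt 0 ]; then
    write_sbom "$1"
fi
```
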