{"schemaVersion":"opencli.cli.v1","slug":"syft","name":"Syft","shortName":"syft","binaryName":"syft","maker":{"slug":"anchore","name":"Anchore","type":"org","url":"https://anchore.com","officialPlatformMaker":true,"featuredBuilder":false},"category":"Security","description":"The official CLI from Anchore. SBOMs, package inventory, and supply chain from the terminal. Supports structured output — good for scripts and agents.","tagline":"SBOMs, package inventory, and supply chain from the terminal.","install":{"packageManager":"brew","command":"brew install syft","packageName":null,"npmPackage":null,"brewFormula":"syft","brewCask":null,"crateName":null,"pypiPackage":null,"goPackage":null,"dockerImage":null},"verify":{"command":"syft --version","signal":"syft responds locally and is ready for the first real command."},"quickStart":"syft dir:.","exampleWorkflow":["syft dir:."],"agent":{"readiness":{"label":"Great for agents","score":75,"reasons":["Structured output is available for parsing.","Supports non-interactive/scripted use.","Works well in CI or repeatable automation."],"guardrails":[]},"packUrl":"https://opencli.co/cli/syft/agent.md","packMarkdown":"# OpenCLI Agent Pack: Syft\n\nUse this when an AI agent needs to work with `syft`.\n\n## What this CLI is for\nThe official CLI from Anchore. SBOMs, package inventory, and supply chain from the terminal. Supports structured output — good for scripts and agents.\n\nBest for: sboms, package inventory, and supply chain from the terminal.\n\n## Agent readiness\nGreat for agents (75/100)\n- Structured output is available for parsing.\n- Supports non-interactive/scripted use.\n- Works well in CI or repeatable automation.\n\n## Install\n```sh\nbrew install syft\n```\n\n## Verify before real work\n```sh\nsyft --version\n```\nExpected signal: syft responds locally and is ready for the first real command.\n\n## Safe starting commands\n```sh\nsyft --version\n```\n\n```sh\nsyft dir:.\n```\n\n## Guardrails for agents\n- Run the verify command first.\n- Summarize findings before taking actions with side effects.\n\n## Suggested agent instruction\nYou may use Syft (`syft`) for sboms, package inventory, and supply chain from the terminal.. First install it if missing, then run the verify command. Start with read-only or inspection commands. Summarize what you found before changing anything. Ask for confirmation before commands that mutate remote state, spend money, deploy, delete data, merge code, or expose secrets.\n\nSource: OpenCLI\n"},"fit":{"bestFor":"sboms, package inventory, and supply chain from the terminal.","useThisIf":"You want security scanning you can script with structured output.","skipIf":"You don't work with security scanning.","whatHappensNext":"Run `syft dir:.` and see what comes back."},"capabilities":{"agentFriendly":true,"supportsJsonOutput":true,"supportsNonInteractive":true,"supportsDryRun":false,"requiresAuth":false,"requiresNetwork":false,"ciFriendly":true,"localFirst":false,"destructivePotential":"low"},"taxonomy":{"useCases":["SBOMs","Package inventory","Supply chain"],"aliases":["sbom cli"],"keywords":["sbom packages inventory"],"tags":["official","agent-friendly","ci-friendly","json-output"]},"links":{"website":"https://github.com/anchore/syft","github":"https://github.com/anchore/syft","docs":"https://github.com/anchore/syft","opencli":"https://opencli.co/cli/syft","markdown":"https://opencli.co/cli/syft/agent.md","json":"https://opencli.co/cli/syft.json"},"metrics":{"githubStars":9073,"latestRelease":"2026-06-07T17:28:18Z","license":"Apache-2.0","metricLabel":"Homebrew installs (30d)","metricValue":2516,"metricSource":"homebrew","metricAsOf":"2026-06-08T11:00:51.949Z"}}