Welcome to Anchore Open Source

Anchore Open Source Software (OSS) is a suite of tools for Software Bill of Materials (SBOM) Generation, Vulnerability Scanning, License Scanning, and Vulnerability Database management.

Start by going to the project overview of Anchore OSS to learn more about the basic concepts and functions.

For information about generating SBOMs:

Get started with vulnerability scanning

Scan SBOMs or containers for licenses used:

Reference information

OSS release notes:

Note: Many topics have nested sub-topics in the navigation pane to the left that become visible when you click a topic.

Installing the Tools

The tools are available in many common distribution channels. The full list of official and community maintained packages can be found on the installation page.

Using the Tools

We have “Getting Started” user guides for SBOM Generation with Syft, Vulnerability Scanning with Grype, and License Scanning.

Developing

Developers also have Contribution Guides for all of our open source tools and libraries.

Projects

Overview of Anchore Open Source tools.

Data Sources

Vulnerability Data Sources

Installation

Official and community maintained packages of Anchore OSS Tools

Guides

Contributing

Guidelines for developing & contributing to Anchore Open Source projects

Reference

Reference for Anchore OSS Tools

About

About Anchore OSS and its community

Release Notes

Information about recent Anchore OSS releases

Glossary

Definitions of terms used in software security, SBOM generation, and vulnerability scanning

Last modified October 10, 2025: fix reference links (1594d93)