Reno, NV – August 24, 2022 – Sylabs, a provider of container technology and services for performance-intensive workloads, today announced it has collaborated with Anchore to bring Syft Software Bill of Materials (SBOM) support to Singularity containers.
Developed and maintained by Anchore, a software supply chain security company, Syft is an open source tool for generating SBOMs. Using SBOMs, organizations are able to give their users deep visibility into container images for the proactive securing of the software supply chain. The new capability comes after months of collaboration between Sylabs and Anchore to add support for the Singularity Image Format (SIF) to Syft through the stereoscope library. Users of Singularity and Syft will also be able to utilize Grype, Anchore’s vulnerability scanner for container images and filesystems. With Grype, developers are able to quickly scan SBOMs for known vulnerabilities, so that vulnerable packages in a container can be identified before they are exploited for malicious purposes.
“Core to our mission at Sylabs is deploying complex workloads securely, and this collaboration with Anchore and their Syft tool helps deliver on that aim,” said Adam Hughes, CTO of Sylabs. “SBOMs have become a critical part of building a secure software supply chain, providing developers with a bill of materials that completely describes the make-up of the container package, including dependencies, versions, licenses and compliance requirements. Users of Singularity (and its derivatives) can now use Syft to ensure control of their container environments, maintaining a secure software supply chain. Sylabs is committed to working with prominent projects in the OCI world so that users can benefit from the unique features of SIF, while leveraging tools from the wider OCI ecosystem.”