DiscoverOpen Source SecuritySyft, Grype, and Grant with Alan Pope
Syft, Grype, and Grant with Alan Pope

Syft, Grype, and Grant with Alan Pope

Update: 2025-04-21
Share

Description

I chat with Alan Pope about the open source security tools Syft, Grype, and Grant. These tools help create Software Bills of Materials (SBOMs) and scan for vulnerabilities. Learn why generating and storing SBOMs is crucial for understanding your software supply chain and quickly responding to new threats like Log4Shell.

The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2025/2025-04-syft-grype-grant-alan-pope/

Comments 
In Channel
Talos Linux security with Andrey Smirnov

Talos Linux security with Andrey Smirnov

2025-09-0138:04

Discussing the Open Source, Open Threats? paper with Behzad and Ali

Discussing the Open Source, Open Threats? paper with Behzad and Ali

2025-08-2534:59

crates.io trusted publishing with Tobias Bieniek

crates.io trusted publishing with Tobias Bieniek

2025-08-1825:39

CVE update with Patrick Garrity

CVE update with Patrick Garrity

2025-08-1132:25

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

2025-08-0431:38

EU Regulations will change everything with Daniel Thompson

EU Regulations will change everything with Daniel Thompson

2025-07-2831:57

Open source microprocessors with Jan Pleskac

Open source microprocessors with Jan Pleskac

2025-07-2130:51

Package URLs with Philippe Ombredanne

Package URLs with Philippe Ombredanne

2025-06-2336:48

Hobbyist Maintainers with Thomas DePierre

Hobbyist Maintainers with Thomas DePierre

2025-06-1649:03

STIG automation with Aaron Lippold

STIG automation with Aaron Lippold

2025-06-0933:28

Ecosyste.ms with Andrew Nesbitt

Ecosyste.ms with Andrew Nesbitt

2025-06-0235:38

Curl vs AI with Daniel Stenberg

Curl vs AI with Daniel Stenberg

2025-05-2634:23

Repository signing with Kairo De Araujo

Repository signing with Kairo De Araujo

2025-05-1933:29

Securing GitHub Actions with William Woodruff

Securing GitHub Actions with William Woodruff

2025-05-1231:50

Embedded Security with Paul Asadoorian

Embedded Security with Paul Asadoorian

2025-05-0534:24

tj-actions with Endor Lab's Dimitri Stiliadis

tj-actions with Endor Lab's Dimitri Stiliadis

2025-04-2832:39

Syft, Grype, and Grant with Alan Pope

Syft, Grype, and Grant with Alan Pope

2025-04-2131:04

CVE for EOL with Aaron Frost

CVE for EOL with Aaron Frost

2025-04-1430:00

cargo-semver-checks with Predrag Gruevski

cargo-semver-checks with Predrag Gruevski

2025-04-0733:35

Distributed CI and Git with Lars Wirzenius

Distributed CI and Git with Lars Wirzenius

2025-03-3127:27

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Syft, Grype, and Grant with Alan Pope

Syft, Grype, and Grant with Alan Pope