How can I configure Syft within Grype?

Does Grype pick up the Syft config file or Syft environment variables (SYFT_), or isn't it possible to configure Syft within Grype?


Hi @henrysachs, the simplest way to configure Syft within Grype is to make an SBOM ahead of time and pass it to Grype:

syft -o json my-image | grype

And configure Syft however you’d like.

Another useful pattern is to do this:

syft -o json my-image > syft.json
grype syft.json

This has the added advantage that you don’t need to rebuild the SBOM unless the image changed, so you can generate an SBOM at image build time but scan every day. Depending on image size, that might save you some time.

Does that answer your need? Is there a particular Syft option you were hoping to pass to Grype?

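The build-once, scan-daily pattern from the answer above, as an added example that is not part of the original thread or of the Syft/Grype projects. It assumes the image is in the local Docker daemon; `SBOM_CACHE_DIR` and the function names are hypothetical.

```shell
# Added example: cache one SBOM per image ID so Syft runs only when the image changes.
# SBOM_CACHE_DIR and all function names are assumptions made for this sketch.
SBOM_CACHE_DIR="${SBOM_CACHE_DIR:-./sbom-cache}"

# Key the cache on the local image ID, not the tag, so a rebuilt tag gets a new SBOM.
# Assumes the image is present in the local Docker daemon.
image_id() {
  docker image inspect --format '{{.Id}}' "$1"
}

# Cache file for a given image ID (':' and '/' replaced to keep the name filesystem-safe).
sbom_path() {
  printf '%s/%s.syft.json\n' "$SBOM_CACHE_DIR" "$(printf '%s' "$1" | tr ':/' '__')"
}

# Print the path of the cached SBOM, generating it first if needed.
# Arguments after the image name go to syft; this is where Syft gets configured.
ensure_sbom() {
  local image id path tmp
  image="$1"; shift
  id="$(image_id "$image")" || return 1
  path="$(sbom_path "$id")"
  if [ ! -s "$path" ]; then
    mkdir -p "$SBOM_CACHE_DIR" || return 1
    tmp="$path.tmp.$$"
    # Write to a temp file so a failed syft run never leaves a truncated SBOM behind.
    if syft "$@" -o json "$image" > "$tmp"; then
      mv "$tmp" "$path"
    else
      rm -f "$tmp"
      return 1
    fi
  fi
  printf '%s\n' "$path"
}

# Scan step for a daily job: reuse the cached SBOM; grype matches it against its current DB.
scan_image() {
  local path
  path="$(ensure_sbom "$@")" || return 1
  grype "sbom:$path"
}

# Usage (after sourcing this file): scan_image my-image --scope all-layers
```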