Does Grype Pickup the syft config file or syft environment variables (SYFT_) up or isnt it possible to configure syft within grype?
1 Like
Hi @henrysachs the simplest way to configure syft within grype is to make an SBOM ahead of time and pass it to grype:
syft -o json my-image | grype
And configure Syft however you’d like.
Another useful pattern is to do this:
syft -o json my-image > syft.json
grype syft.json
This has the added advantage that you don’t need to rebuild the SBOM unless the image changed, so you can generate an SBOM at image build time but scan every day. Depending on image size, that might save you some time.
Does that answer your need? Is there a particular Syft option you were hoping to pass to Grype?
1 Like