Release Notes:
Version v1.27.0
Added Features
Bug Fixes
- Remove CPE product candidates for phf, prometheus, hyper and Rust crates #3967 @jayvdb
- Remove CPE product candidates for opentelemetry and redis Rust crates #3962 @jayvdb
- Harden Container Runtime with Non-Root User #3941 @MikeTheCyberGuy
- terraform provider lock entries should not require constraints #3934 @ghouscht
- sbom cataloger returning upstream package #3662 #3981 @kzantow
- Syft missing md5 sums and list data for dpkg packages under status.d/ #3912
- Failure to detect dependency relationships between Python packages #3958 #3965 @christoph-blessing
- Heavy memory consumption when directory scanning deb source #3928 #3953 @kzantow
- In versions 1.25.0 and later, graalvm-native-image-cataloger adds 3-6 hours to Syft #3942 #3944 @kzantow
- Syft incorrectly reports multiple APKs as parents of symlinked files #3847 #3923 @luhring