{"id":"661a989d-b834-4505-9255-bc08ac345ab2","shortId":"NVSXZW","kind":"skill","title":"SBOM Generator and CVE Matcher","tagline":"Generates Software Bill of Materials using Syft for container images and matches components against the NVD CVE database via OSV.dev API. Outputs CycloneDX and SPDX formats for supply chain compliance.","description":"# SBOM Generator and CVE Matcher\n\nGenerates Software Bill of Materials using Syft for container images and matches components against the NVD CVE database via OSV.dev API. Outputs CycloneDX and SPDX formats for supply chain compliance.\n\n## Installation\n\nRequirements and caveats from upstream:\n- Supports dozens of packaging ecosystems (e.g. Alpine (apk), Debian (dpkg), RPM, Go, Python, Java, JavaScript, Ruby, Rust, PHP, .NET, and [many more](https://oss.anchore.com/docs/capabilities/all-packages/))\n- Supports OCI, Docker, [Singularity](https://github.com/sylabs/singularity), and [more image formats](https://oss.anchore.com/docs/guides/sbom/scan-targets/)\n- **See [Installation docs](https://oss.anchore.com/docs/installation/syft/) for more ways to get Syft, including Homebrew, Docker, Scoop, Chocolatey, Nix, and more!**\n\nBasic usage or getting-started notes:\n- **New to Syft? Check out the [Getting Started guide](https://oss.anchore.com/docs/guides/sbom/getting-started/) for a walkthrough!**\n- The quickest way to get up and going:\n- bash\n\n- Source: https://github.com/anchore/syft\n- Extracted from upstream docs: https://raw.githubusercontent.com/anchore/syft/HEAD/README.md\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/sbom-generator-cve-matcher/)","tags":["sbom","generator","cve","matcher","skills","agentskillexchange","agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex"],"capabilities":["skill","source-agentskillexchange","skill-sbom-generator-cve-matcher","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/sbom-generator-cve-matcher","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,291 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:12:17.145Z","embedding":null,"createdAt":"2026-05-18T13:19:07.032Z","updatedAt":"2026-05-18T19:12:17.145Z","lastSeenAt":"2026-05-18T19:12:17.145Z","tsv":"'/anchore/syft':170 '/anchore/syft/head/readme.md':177 '/docs/capabilities/all-packages/))':101 '/docs/guides/sbom/getting-started/)':154 '/docs/guides/sbom/scan-targets/)':115 '/docs/installation/syft/)':121 '/skills/sbom-generator-cve-matcher/)':184 '/sylabs/singularity),':108 'agent':179 'agentskillexchange.com':183 'agentskillexchange.com/skills/sbom-generator-cve-matcher/)':182 'alpin':83 'api':26,61 'apk':84 'bash':166 'basic':136 'bill':8,43 'caveat':74 'chain':34,69 'check':146 'chocolatey':132 'complianc':35,70 'compon':18,53 'contain':14,49 'cve':4,22,39,57 'cyclonedx':28,63 'databas':23,58 'debian':85 'doc':118,174 'docker':104,130 'dozen':78 'dpkg':86 'e.g':82 'ecosystem':81 'exchang':181 'extract':171 'format':31,66,112 'generat':2,6,37,41 'get':126,140,149,162 'getting-start':139 'github.com':107,169 'github.com/anchore/syft':168 'github.com/sylabs/singularity),':106 'go':88,165 'guid':151 'homebrew':129 'imag':15,50,111 'includ':128 'instal':71,117 'java':90 'javascript':91 'mani':97 'match':17,52 'matcher':5,40 'materi':10,45 'net':95 'new':143 'nix':133 'note':142 'nvd':21,56 'oci':103 'oss.anchore.com':100,114,120,153 'oss.anchore.com/docs/capabilities/all-packages/))':99 'oss.anchore.com/docs/guides/sbom/getting-started/)':152 'oss.anchore.com/docs/guides/sbom/scan-targets/)':113 'oss.anchore.com/docs/installation/syft/)':119 'osv.dev':25,60 'output':27,62 'packag':80 'php':94 'python':89 'quickest':159 'raw.githubusercontent.com':176 'raw.githubusercontent.com/anchore/syft/head/readme.md':175 'requir':72 'rpm':87 'rubi':92 'rust':93 'sbom':1,36 'scoop':131 'see':116 'singular':105 'skill':180 'skill-sbom-generator-cve-matcher' 'softwar':7,42 'sourc':167,178 'source-agentskillexchange' 'spdx':30,65 'start':141,150 'suppli':33,68 'support':77,102 'syft':12,47,127,145 'topic-agent-skills' 'topic-ai-agents' 'topic-ai-tools' 'topic-awesome-list' 'topic-claude-code' 'topic-codex' 'topic-cursor' 'topic-llm' 'topic-mcp' 'topic-npx-skills' 'topic-openclaw' 'topic-skills-catalog' 'upstream':76,173 'usag':137 'use':11,46 'via':24,59 'walkthrough':157 'way':124,160","prices":[{"id":"186ba75c-0ec1-4ed5-b216-5232d84f679b","listingId":"661a989d-b834-4505-9255-bc08ac345ab2","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:19:07.032Z"}],"sources":[{"listingId":"661a989d-b834-4505-9255-bc08ac345ab2","source":"github","sourceId":"agentskillexchange/skills/sbom-generator-cve-matcher","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/sbom-generator-cve-matcher","isPrimary":false,"firstSeenAt":"2026-05-18T13:19:07.032Z","lastSeenAt":"2026-05-18T19:12:17.145Z"}],"details":{"listingId":"661a989d-b834-4505-9255-bc08ac345ab2","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"sbom-generator-cve-matcher","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"176406c2f4293521614f36d9dcd7d1e9265e6e18","skill_md_path":"skills/sbom-generator-cve-matcher/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/sbom-generator-cve-matcher"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"SBOM Generator and CVE Matcher","description":"Generates Software Bill of Materials using Syft for container images and matches components against the NVD CVE database via OSV.dev API. Outputs CycloneDX and SPDX formats for supply chain compliance."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/sbom-generator-cve-matcher"},"updatedAt":"2026-05-18T19:12:17.145Z"}}