Sylabs and Anchore Collaborate to Bring SBOM Support for Singularity Containers


Reno, NV – August 24, 2022 – Sylabs, a provider of container technology and services for performance-intensive workloads, today announced it has collaborated with Anchore to bring Syft Software Bill of Materials (SBOM) support to Singularity containers.

Developed and maintained by Anchore, a software supply chain security company, Syft is an open source tool for generating SBOMs. With SBOMs, organizations can give their users deep visibility into the contents of container images and proactively secure the software supply chain. The new capability follows months of collaboration between Sylabs and Anchore to add support for the Singularity Image Format (SIF) to Syft through the stereoscope library. Users of Singularity and Syft can also use Grype, Anchore’s vulnerability scanner for container images and filesystems. With Grype, developers can quickly scan an SBOM against known vulnerability data and check that the container does not ship components with known vulnerabilities that could be exploited for malicious purposes.

“Core to our mission at Sylabs is deploying complex workloads securely, and this collaboration with Anchore and their Syft tool helps deliver on that aim,” said Adam Hughes, CTO of Sylabs. “SBOMs have become a critical part of building a secure software supply chain, providing developers with a bill of materials that completely describes the make-up of the container package, including dependencies, versions, licenses and compliance requirements. Users of Singularity (and its derivatives) can now use Syft to ensure control of their container environments, maintaining a secure software supply chain. Sylabs is committed to working with prominent projects in the OCI world so that users can benefit from the unique features of SIF, while leveraging tools from the wider OCI ecosystem.”

“The collaboration between Anchore and Sylabs provides users of the Singularity container runtime the ability to create and store an SBOM as an independent operation,” said Daniel Nurmi, CTO of Anchore. “With the rise in software supply chain security attacks, the need for generating and managing SBOMs has become critical in creating a strong security posture against vulnerabilities and malicious actors. This collaboration gives users in the HPC arena visibility into Singularity containers to ensure they are secure and compliant.”

To learn more about how to create SBOMs and conduct vulnerability scanning of Singularity containers with Syft and Grype, please visit this blog post.