Sylabs, the global leader in providing container technology and services for performance-intensive workloads, today announced that it has collaborated with Anchore to bring Syft Software Bill of Materials (SBOM) support to Singularity containers. Developed and maintained by Anchore, a leader in software supply chain security, Syft is an open source tool for generating SBOMs. Using SBOMs, organizations are able to give their users deep visibility into container images for the proactive securing of the software supply chain. The new ability comes after months of collaboration between Sylabs and Anchore to add support for the Singularity Image Format (SIF) to Syft through the stereoscope library. Users of Singularity and Syft will also be able to utilize Grype, Anchore’s vulnerability scanner for container images and filesystems. With Grype, developers are able to quickly scan SBOMs for vulnerabilities, ensuring that the container is clean of any exploits that could be used for malicious purposes.
“Core to our mission at Sylabs is deploying complex workloads securely, and this collaboration with Anchore and their Syft tool helps deliver on that aim,” said Adam Hughes, CTO of Sylabs. “SBOMs have become a critical part of building a secure software supply chain, providing developers with a bill of materials that completely describes the make-up of the container package, including dependencies, versions, licenses and compliance requirements. Users of Singularity (and its derivatives) can now use Syft to ensure control of their container environments, maintaining a secure software supply chain. Sylabs is committed to working with prominent projects in the OCI world so that users can benefit from the unique features of SIF, while leveraging tools from the wider OCI ecosystem.”
“The collaboration between Anchore and Sylabs provides users of the Singularity container runtime the ability to create and store an SBOM as an independent operation,” said Daniel Nurmi, CTO of Anchore. “With the rise in software supply chain security attacks, the need for generating and managing SBOMs has become critical in creating a strong security posture against vulnerabilities and malicious actors. This collaboration gives users in the HPC arena visibility into Singularity containers to ensure they are secure and compliant.”
To learn more about how to create SBOMs and conduct vulnerability scanning of Singularity containers with Syft and Grype, please visit this blog post.
Sylabs is the global leader in providing professional tools and services for high performance container runtime technology. Sylabs makes high performance computing more accessible to researchers, scientists, and engineers using Singularity, the most advanced open source container runtime technology for performance-intensive applications and environments. As the most active contributor to the Singularity ecosystem, through both the community edition and Sylabs’ enterprise-supported and professional implementations, Sylabs is dedicated to enabling cutting-edge research and facilitating rapid scientific discovery to solve some of humanity’s greatest challenges. For more information about Singularity runtime technology, including SingularityCE (Community Edition), Singularity Container Services, SingularityPRO, and Singularity Enterprise, visit https://www.sylabs.io.