© 2022 Anchore, Inc. All rights reserved. | Legal

December 1, 2022

Using Open Source to Secure the Software Supply Chain: Cartographer, Syft, and Grype

Topics For This One Hour Meetup

Join us on December 1 for the next Anchore virtual open source meetup where developers and security practitioners will share their tips, tricks, and lessons learned on securing containers. This session will focus on using open source tools, including Cartographer, Syft, and Grype to improve your software supply chain security.

Anchore Open Source Meetup

11 am - 12 pm PT | 2 pm - 3 pm ET

Secure Your Software Supply Chain Using Cartographer

We’ll provide an overview of Cartographer and discuss how it can improve software supply chain security. Plus you’ll see a demo on how to use Cartographer along with Syft and Grype to improve the security posture of your containers.

Create SBOMs & Scan for Vulnerabilities with Syft and Grype

You’ll see a live demonstration of sbom-action, a GitHub action for creating an SBOM. Sbom-action uses the open source tool Syft to provide container image and directory-based SBOM generation, which makes it easy to add multiple SBOM-generation steps to your workflows to find out what’s under the hood and secure your software supply chain.

Christopher Phillips

Senior Software Engineer



Live discussion of container security best practices with your fellow developers and security practitioners.

Continue the Conversation

We’ll wrap up the planned content in an hour, but feel to stick around and continue the discussion or ask more questions.

Daniel de Repentigny

Senior Product Manager


Hector Fernandez

Supply Chain Tools Technical Lead