mirror of https://github.com/de-it-krachten/ansible-role-syft synced 2026-05-14 03:51:43 +00:00

No description

Jinja 100%

Find a file

semantic-release-bot 9fca8718c0 chore(release): 1.6.0 [skip ci] # [1.6.0](https://github.com/de-it-krachten/ansible-role-syft/compare/v1.5.0...v1.6.0) (2026-03-15) ### Features * Added support for Fedora 43 ([`c6869fa`](`c6869fa7b2`)) * Drop support for Fedora 41 ([`73aa731`](`73aa73168f`)) * Drop support for openSUSE Leap 15 ([`7f62017`](`7f62017b11`)) * Drop support for SUSE Linux Enterprise 15 ([`98c30af`](`98c30af299`))		2026-03-15 11:41:29 +00:00
.github/workflows	Update CI	2026-03-14 20:04:16 +01:00
defaults	Fix scheduling	2023-05-22 00:19:29 +02:00
meta	Update CI	2026-03-14 20:04:16 +01:00
molecule/default	Update CI	2026-03-14 20:04:16 +01:00
tasks	Update supported platforms & CI	2025-08-06 21:40:42 +02:00
templates	Fix scheduling	2023-05-22 00:19:29 +02:00
.ansible-lint	Initial commit	2022-12-14 23:52:21 +01:00
.cicd	Update CI	2026-03-07 01:06:09 +01:00
.cicd.overwrite	Update CI	2026-03-14 20:04:16 +01:00
.collections	feat: Add support for Ubuntu 24.04 LTS + Fedora 40	2024-05-31 23:52:29 +02:00
.gitignore	feat: Update supported platforms & CI	2024-12-29 13:06:22 +01:00
.releaserc.yml	Update CI	2026-03-07 01:06:09 +01:00
.roles	Initial commit	2022-12-14 23:52:21 +01:00
.yamllint	feat: Update supported platforms & CI	2024-12-29 13:06:22 +01:00
CHANGELOG.md	chore(release): 1.6.0 [skip ci]	2026-03-15 11:41:29 +00:00
README.md	Update CI	2026-03-14 20:04:16 +01:00

README.md

ansible-role-syft

Installs syft, CLI tool and library for generating a Software Bill of Materials from container images and filesystems
https://github.com/anchore/syft

Dependencies

Roles

deitkrachten.cron
deitkrachten.logrotate

Collections

None

Platforms

Supported platforms

Red Hat Enterprise Linux 8¹
Red Hat Enterprise Linux 9¹
Red Hat Enterprise Linux 10¹
RockyLinux 8
RockyLinux 9
RockyLinux 10
OracleLinux 8
OracleLinux 9
OracleLinux 10
AlmaLinux 8
AlmaLinux 9
AlmaLinux 10
Debian 11 (Bullseye)
Debian 12 (Bookworm)
Debian 13 (Trixie)
Ubuntu 20.04 LTS
Ubuntu 22.04 LTS
Ubuntu 24.04 LTS
Fedora 42
Fedora 43

Note: ¹ : no automated testing is performed on these platforms

Role Variables

defaults/main.yml


# Remove syft
syft_removal: false

# Github CLI - API
syft_api: https://api.github.com/repos/anchore/syft

# Github CLI - repo
syft_repo: https://github.com/anchore/syft

# Lookup table for architecture
syft:
  architecture:
    x86_64: amd64
  system:
    Linux: linux
    Darwin: darwin

# Version of the CLI to install
syft_version: latest

# Location/ownership/permissions of the binary
syft_path: /usr/local/bin/syft
syft_owner: root
syft_group: root
syft_mode: '0755'

# File/directory location for Syft output
syft_log_dir: /var/log/syft
syft_log_file: syft.json

# Syft execution details
syft_wrapper_script: /usr/local/bin/syft.sh
syft_schedule_command: '{{ syft_wrapper_script }}'
## syft_execution_command: "{{ syft_path }} / -q --output=json --file {{ syft_log_dir }}/{{ syft_log_file }}"
syft_excludes:
  - './tmp'
syft_execution_user: root
syft_execution_group: root

# Syft schedule defaults
syft_schedule: false
syft_schedule_times:
  weekday: '*'
  hour: '01'
  minute: '00'

# Execute syft immediately
syft_immediate: false

# Central location to store all servers sbom files
syft_central_path: /var/log/syft_central

# Syft outout formats
syft_output:
  json:
    format: json
    file: syft.json
  spdx:
    format: spdx-json
    file: syft.spdx.json
  cyclonedx:
    format: cyclonedx-json
    file: syft.cyclonedx.json

Example Playbook

molecule/default/converge.yml


- name: sample playbook for role 'syft'
  hosts: all
  become: 'yes'
  vars:
    molecule_driver: '{{ lookup(''env'', ''MOLECULE_DRIVER_NAME'') }}'
    syft_schedule: true
    syft_immediate: true
    syft_central_path: /tmp/syft
  roles:
    - deitkrachten.cron
    - deitkrachten.logrotate
  tasks:
    - name: Include role 'syft'
      ansible.builtin.include_role:
        name: syft