Output Formats

SBOM Generation Output Formats
Tags:

Output formats

The output format for Syft is configurable as well using the -o (or --output) option:

syft <image> -o <format>

Where the formats available are:

  • syft-json: Use this to get as much information out of Syft as possible!
  • syft-text: A row-oriented, human-and-machine-friendly output.
  • cyclonedx-xml: A XML report conforming to the CycloneDX 1.6 specification.
  • cyclonedx-json: A JSON report conforming to the CycloneDX 1.6 specification.
  • spdx-tag-value: A tag-value formatted report conforming to the SPDX 2.3 specification.
  • spdx-tag-value@2.2: A tag-value formatted report conforming to the SPDX 2.2 specification.
  • spdx-json: A JSON report conforming to the SPDX 2.3 JSON Schema.
  • spdx-json@2.2: A JSON report conforming to the SPDX 2.2 JSON Schema.
  • github-json: A JSON report conforming to GitHub’s dependency snapshot format.
  • syft-table: A columnar summary (default).
  • template: Lets the user specify the output format.

Multiple Outputs

Syft can also output multiple files in differing formats by appending =<file> to the option, for example to output Syft JSON and SPDX JSON:

syft <image> -o syft-json=sbom.syft.json -o spdx-json=sbom.spdx.json
Last modified September 29, 2025: add python tests and tooling (c00b34a)