Hacker News new | ask | show | jobs
by derkoe 1431 days ago
Currently the best one I know of is https://github.com/anchore/syft. It finds most dependencies even within built artifacts.

You can also check out the comments in https://news.ycombinator.com/item?id=32104805 - the release announcement of Salus (Microsoft)