#1
A vulnerability scanner for container images and filesystems
12K starsJun 5, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add anchore/grypeAlternatives
Syft alternatives for AI agents.
Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.
Current skill
Syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
100
Quality
100
Trust
9.1K
Stars
#2
Vulnerability Static Analysis for Containers
11K starsJun 4, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add quay/clair#3
π₯ ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
5.5K starsJun 3, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add mgechev/revive#4
Go security checker
8.9K starsJun 3, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add securego/gosec#5
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
3.5K starsJun 4, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add stackrox/kube-linter#6
Security risk analysis for Kubernetes resources
1.5K starsJun 9, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add controlplaneio/kubesec#7
Staticcheck - The advanced Go linter
6.8K starsMay 24, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add dominikh/go-tools#8
Interactive architecture diagrams for codebases
2.1K starsJun 6, 2026 pushdevelopmentPythonStatic Analysis
$ npx skills add CodeBoarding/CodeBoarding#9
Tfsec is now part of Trivy
7.0K starsMar 25, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add aquasecurity/tfsec#10
Static analysis tool to detect potential nil panics in Go code
3.8K starsMay 28, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add uber-go/nilaway#11
A tool to enforce Swift style and conventions.
20K starsJun 6, 2026 pushdevelopmentSwiftStatic Analysis
$ npx skills add realm/SwiftLint#12
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
15K starsJun 10, 2026 pushdevelopmentOCamlStatic Analysis
$ npx skills add semgrep/semgrep#13
Dockerfile linter, validate inline bash, written in Haskell
12K starsJun 1, 2026 pushdevelopmentHaskellStatic Analysis
$ npx skills add hadolint/hadolint#14
Program for determining types of files for Windows, Linux and MacOS.
11K starsJun 6, 2026 pushdevelopmentJavaScriptStatic Analysis
$ npx skills add horsicq/Detect-It-Easy#15
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
8.9K starsJun 8, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add checkstyle/checkstyle#16
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
8.8K starsJun 7, 2026 pushdevelopmentPythonStatic Analysis
$ npx skills add bridgecrewio/checkovHow to choose
When should you switch?
Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep Syft if it already passes your workflow test and repository review.
Next step
Compare top candidates side by side
Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.