Trace
GoKubernetesAWS S3SyftGrypeDocker
Supply Chain Security & Vulnerability Analysis engine for cloud-native infrastructure with SBOM generation and CVE correlation.
Trace is a Go-based supply chain security engine that provides deep visibility into containerized deployments through automated SBOM (Software Bill of Materials) generation and real-time vulnerability correlation.
It performs layer-by-layer analysis of OCI-compliant images, generates CycloneDX and SPDX-compliant manifests, and correlates packages against CVE databases via Grype. Features include S3-backed artifact storage with presigned URLs and a high-performance REST API for CI/CD pipeline integration.