We’ve just added container image scanning to SCANOSS. It now supports generating full SBOMs from Docker/OCI containers, including undeclared and inherited packages from base images.
Why it matters: SBOMs usually stop at your app. Containers are like mini OSs, often containing hundreds of packages you didn’t explicitly include — but are still shipping.