Using Templates

Alan Pope edited this page May 17, 2024 · 1 revision

Syft lets you define custom output formats, using Go templates relative to the Syft JSON output. Here's how it works:

  • Define your format as a Go template, and save this template as a file.

  • Set the output format to "template" (-o template).

  • Specify the path to the template file (-t ./path/to/custom.template).

  • Syft's template processing uses the same data models as the syft-json output format — so if you're wondering what data is available as you author a template, you can use the output from syft <image> -o syft-json as a reference.

Example: You could make Syft output data in CSV format by writing a Go template that renders CSV data and then running syft <image> -o template -t ~/path/to/csv.tmpl.

Here's what the csv.tmpl file might look like:

"Package","Version Installed","Found by"
{{- range .artifacts}}
"{{.name}}","{{.version}}","{{.foundBy}}"
{{- end}}

Which would produce output like:

"Package","Version Installed","Found by"
"alpine-baselayout","3.2.0-r20","apkdb-cataloger"
"alpine-baselayout-data","3.2.0-r20","apkdb-cataloger"
"alpine-keys","2.4-r1","apkdb-cataloger"
...

In addition to the functions built into Go's text/template, Syft includes the utility templating functions from sprig, which let users customize the output format further.

Lastly, Syft has custom templating functions defined in ./syft/format/template/encoder.go to help parse the passed-in JSON structs.

Note

If you have templates that were in use before Syft v0.102.0 and are no longer working, this is because templating keys were relative to the internal Go structs before this version, whereas now the keys are relative to the Syft JSON output. To get the legacy behavior back, you can set the format.template.legacy option to true in your configuration.
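
A local harness for checking a template against saved syft-json output before passing it to -t, covering both the CSV example and the key change described in the note. This is an added example, not code from Syft or this wiki: it uses only Go's standard text/template (no sprig or Syft helper functions), a constructed JSON fragment, and assumes that decoding the JSON into generic maps approximates what Syft hands to the template; the legacy-style keys in main are illustrative.

```go
package main

import (
	"bytes"
	"encoding/csv"
	"encoding/json"
	"fmt"
	"strings"
	"text/template"
)

// Constructed sample shaped like a fragment of `syft <image> -o syft-json` output.
const sampleJSON = `{"artifacts":[
  {"name":"alpine-baselayout","version":"3.2.0-r20","foundBy":"apkdb-cataloger"},
  {"name":"alpine-keys","version":"2.4-r1","foundBy":"apkdb-cataloger"}]}`

// The csv.tmpl from the page; keys are relative to the Syft JSON output.
const csvTmpl = `"Package","Version Installed","Found by"
{{- range .artifacts}}
"{{.name}}","{{.version}}","{{.foundBy}}"
{{- end}}`

// render runs tmplText over doc decoded into generic maps; missingkey=error is this harness's choice.
func render(tmplText, doc string) (string, error) {
	var data map[string]interface{}
	if err := json.Unmarshal([]byte(doc), &data); err != nil {
		return "", err
	}
	t, err := template.New("t").Option("missingkey=error").Parse(tmplText)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, data)
	return buf.String(), err
}

// parseCSV strictly parses rendered output; unescaped quotes are an error.
func parseCSV(out string) ([][]string, error) {
	return csv.NewReader(strings.NewReader(out)).ReadAll()
}

func main() {
	out, _ := render(csvTmpl, sampleJSON)
	rows, err := parseCSV(out)
	fmt.Println(len(rows), "rows, csv error:", err)
	_, err = render(`{{range .Artifacts}}{{.Name}}{{end}}`, sampleJSON) // legacy-style keys
	fmt.Println("legacy-style template:", err)
}
```

The template performs no CSV escaping, so a package name containing a double quote renders a row that parseCSV rejects. Without missingkey=error, text/template treats the unknown legacy-style key as an empty range and renders nothing for it instead of failing.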
