macOS
brew install xeollocal Homebrew formula metadata
brew
Xcanner for end-of-life software in container images, filesystems, and SBOMs. Version 0.10.8 via Homebrew; verified 2026-06-15.
install
brew install xeollocal Homebrew formula metadata
nix profile install nixpkgs#xeolnixpkgs package indexes · pkgs/by-name/xe/xeol/package.nix · source: api.github.com
overview
Xcanner for end-of-life software in container images, filesystems, and SBOMs
history
Xeol is a Go CLI for finding end-of-life software in container images, filesystems, and SBOMs. Its niche is adjacent to vulnerability scanners: instead of asking only whether a package has a known CVE, it asks whether the software line is out of vendor support.
The xeol repository was created in December 2022, with v0.1.0 published at the end of that month. The README describes a scanner for EOL packages and documents inputs that include Docker and Podman images, OCI archives, Singularity images, directories, Syft/SPDX/CycloneDX SBOMs, registries, and attestations.
Xeol grew in the SBOM and container-security moment when teams already had image inventories and wanted policy checks beyond CVE matching. Its GitHub Action packages that workflow directly for CI, including an option to fail pipelines when EOL software is found.
Typical use is `xeol <image>` for a container image, `xeol dir:path` for a filesystem, or `xeol sbom:file` for an existing SBOM. It maintains a local SQLite EOL database sourced from endoflife.date, package registries, vendor-package feeds, and browser data, with automatic update and offline-management commands.
Xeol matters to package nerds because it treats lifecycle metadata as a first-class scan target. It connects package identity, SBOM formats, vendor support windows, and CI policy into one small CLI rather than leaving EOL status as a spreadsheet or wiki chore.
security posture
broad file, network, media, or database tool signal. infrastructure mutation or orchestration signal.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
xeol | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/xeol-io/xeol
install metadata
| Package key | brew:xeol |
|---|---|
| Version | 0.10.8 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/xeol |
| Homepage | https://www.xeol.io/ |
| Repository | https://github.com/xeol-io/xeol |
| Upstream docs | https://github.com/xeol-io/xeol#readme |
| License | Apache-2.0 |
| Source archive | https://github.com/xeol-io/xeol/archive/refs/tags/v0.10.8.tar.gz |
| Last updated | 2026-06-15T10:21:24-04:00 |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | xeol |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
xeol
nix profile install nixpkgs#xeolsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.