Alex Goodman is a tech lead with 12 years of experience building cloud-native infrastructure and developer tooling, currently leading engineering at Anchore from Alexandria, VA. He combines deep systems and backend expertise in Python, Go, and C/C++ with practical Linux and DevOps experience, having contributed key CLI, parsing, and logging features to prominent open-source security projects like Grype, Syft, and Anchore Engine. Alex has driven CI/CD, ECS/OpenShift migrations, and cost-saving containerization efforts in consulting roles, and has a history of accelerating developer onboarding through tooling that manages large multi-repo projects. His work spans vulnerability scanning, SBOM generation, and Docker image analysis—areas where his commits added testing rigor and real-world parsing for Java, PHP, and package formats. A Johns Hopkins MS in Computer Science complements his hands-on engineering background, and he often pairs backend improvements with practical UI and caching work, reflecting a full-stack sensibility in system-focused projects.
11 years of coding experience
9 years of employment as a software developer
Bachelor of Science (BS), Computer Engineering, Bachelor of Science (BS), Computer Engineering at Virginia Tech
A vulnerability scanner for container images and filesystems
Role in this project:
Back-end & DevOps Engineer
Contributions:615 reviews, 335 commits, 574 PRs in 2 years 6 months
Contributions summary:Alex's commits focused on implementing and refining the CLI commands and subcommands for the Grype vulnerability scanner. This included the addition of new commands such as "check," "update," "show," and "clear," as well as integration of global persistent flags. The changes encompassed modifications to the root command and auxiliary packages, indicating work across the command structure and option processing for Grype. The commits also involved setting up and configuring logging options, suggesting involvement in the application's infrastructure and user interface.
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Role in this project:
Back-end Developer
Contributions:1 release, 1681 reviews, 690 commits in 2 years 9 months
Contributions summary:Alex's contributions primarily revolve around enhancing the Syft tool's core functionality, specifically by adding the ability to parse and catalog Java library dependencies and the code necessary to output the results in a CycloneDX format, indicating a focus on backend software development. Furthermore, they focused on improvements for PHP and Java package management, demonstrating a familiarity with diverse software ecosystems and formats. The user implemented and tested the changes for performance and correct output.
filesystemsspdxociclivulnerabilities
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.