nisha

@sayantani11 I actually don't know how commitlint works, so I will have to do some research myself! Maybe you could research step 1 in the issue description. Our commit message...

@sayantani11 Yup! those are the rules.

@rnjudge would this be a good issue to complete for the Beta release?

@vsoch Looking into this. Hopefully, by the end of this, tern will not need to invoke sudo...

@vsoch you should now be able to use tern in a docker or podman container without needing sudo. Would this work for you?

Would something like this help? https://twitter.com/_ctlfsh/status/1250596462502703104

Just a thought: how much do you want to pin? Pinning the FROM image should be straightforward, but pinning the state of software at the time of build is much...

Is it possible to expose the "live" container filesystem via llb? I would like to see something like [generating an SBOM for the base container image](tern report --live $mnt -f...

Thanks @sudo-bmitch! I'd +1 the idea of an external mount to collect at-build data.

Copyright files attached: [gpgv_copyright.txt](https://github.com/nexB/scancode-toolkit/files/4035782/gpgv_copyright.txt) [libgcrypto20_copyright.txt](https://github.com/nexB/scancode-toolkit/files/4035783/libgcrypto20_copyright.txt)