tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
We now have SPDX 2.2 (the ISO version) and SPDX 2.3, and soon we will have SPDX 3.0. It would be good to be able to specify in which version...
**Describe the Feature** In a discussion with @vargenau and his colleague, they mentioned that it would be nice to know known-unknowns in a container. This information is available from Tern...
**Describe the bug** When running `tern` on a docker image that has this statement: ``` RUN \ echo "\n#\n#\n# creating symlink from old root dir\n#\n#\n" && \ rm -rf /root...
When generating CycloneDX (JSON) SBOMs, license information is added in the form of a License ID, as follows:

```python
def get_license_from_name(name):
    return {'license': {'id': name}}
```

in file `tern/tern/formats/cyclonedx/cyclonedx_common.py`. When...