tern-tools/tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
PythonBSD-2-Clause
Issues
- 0
Output generated from Tern has 0 bytes
#1249 opened by VenkatTechnologist - 0
Support `docker build` arguments for `tern sbom -f Dockerfile` and `tern lock`
#1248 opened by mtalexan - 0
Support all skopeo image prefixes for `tern report -i`
#1247 opened by mtalexan - 1
Support for SPDX 2.3?
#1246 opened by nishakm - 3
Project still alive?
#1244 opened by Jeeppler - 0
- 9
Invalid file information in SPDX documents
#1240 opened by armintaenzertng - 25
Error if Tern calls Scancode-Toolkit
#1202 opened by Jeeppler - 4
Can't build images with Dockerfile samples
#1235 opened by armintaenzertng - 4
- 2
- 3
Potential issue with `LicenseInfoFromFiles`
#1232 opened by armintaenzertng - 1
Error on image load if prefixed with a variable
#1230 opened by MaximilianB134 - 1
Parsing error: JAVA_OPTS:: bad variable name
#1231 opened by dnelaturi - 1
- 7
Shall we move the test Docker image somewhere else?
#1222 opened by nishakm - 0
golang package names create invalid SPDXRefs
#1220 opened by rnjudge - 0
- 1
Add purl information to SPDX reports when available
#1206 opened by rnjudge - 1
- 5
Tern fails in license_expression
#1203 opened by vargenau - 0
- 1
- 5
- 1
Export specific format versions (SPDX)
#1211 opened by vargenau - 12
Docker Pull Limit reached when scanning a locally saved Docker Image
#1181 opened by kiranravindran90 - 1
Issue while running the multistage docker scan
#1207 opened by yogeshmpandey - 1
Make known-unknowns more clear in the reports
#1204 opened by rnjudge - 0
SPDX 2.3: Update required licensing fields to optional
#1180 opened by rnjudge - 4
- 5
Cannot install Tern on Fedora release 37
#1197 opened by vargenau - 8
Old release of Tern when installed with ScanCode
#1195 opened by vargenau - 3
Error while trying to inspect local image
#1190 opened by Ruivalim - 1
- 5
Debian-inspector conflict while using scancode and tern
#1185 opened by Jeeppler - 8
- 3
The support for C or C++ projects or containers
#1178 opened by usmankhanisb - 2
- 1
Update SPDX license list to 3.18
#1186 opened by vargenau - 5
Tern Docker image: Pulling images from private registry
#1160 opened by software-testing-professional - 4
Add content validation tests
#1163 opened by ivanayov - 2
Separate tests per platforms
#1166 opened by ivanayov - 6
In SPDX output, have PackageLicenseDeclared give the license directly instead of creating an unnecessary LicenseRef.
#1147 opened by vargenau - 3
FilesAnalyzed: False has a wrong case for "False"
#1170 opened by vargenau - 12
- 1
- 1
- 0
Add Running tests instructions
#1164 opened by ivanayov - 1
- 0
Inventory go binaries with module support
#1146 opened by nishakm