You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tern is a software package inspection tool that can create a Software Bill of Materials (SBOM) for containers. It's written in Python3 with a smattering of shell scripts.
This is the database where filesystem identifiers can be queried against to retrieve package information. This is useful as many containers are based on other container images. If Tern had come across the same filesystem in another container, it can retrieve the package information without spinning up a container. Tern looks for filesystems here before doing any analysis. This is Tern's own data store which can be curated and culled over time. The reason that Tern keeps its own data store is because the filesystem artifacts that make up a container image are not necessarily how other compliance databases store license information. The filesystems also follow their own method of identifying themselves. A container build is not reproducible, so often, even when the content of the filesystem has not changed, the container's checksum has and that makes it difficult to identify the contents of a container image.
The main class is Image and its derived classes. This class contains a list of type ImageLayer. ImageLayer contains a list of type Package. Image, ImageLayer and Package contain a property called origins which is an object of type Origins. This class is used to record notes while Tern operates on an image such as what tools were used to retrieve the metadata or if the filesystem is of unknown content. Origins contains a list of type NoticeOrigin which contains a string and a list of type Notice. The Notice objects are where messages get recorded. You can easily record a message in the origins property of the Image, ImageLayer and Package types of objects by using the add_notice_to_origins method which just adds a Notice object to the NoticeOrigin object containing the origin string you give it ("origin_str" is basically a string indicating where in the image or analysis stage an event that you want recorded occurred).
You will also see a class called Template. This is an abstract base class used to make custom formats. To learn more see the documentation on creating custom formats.
https://github.com/tern-tools/tern
https://github.com/tern-tools/tern/blob/main/docs/architecture.md
The Cache
This is the database where filesystem identifiers can be queried against to retrieve package information. This is useful as many containers are based on other container images. If Tern had come across the same filesystem in another container, it can retrieve the package information without spinning up a container. Tern looks for filesystems here before doing any analysis. This is Tern's own data store which can be curated and culled over time. The reason that Tern keeps its own data store is because the filesystem artifacts that make up a container image are not necessarily how other compliance databases store license information. The filesystems also follow their own method of identifying themselves. A container build is not reproducible, so often, even when the content of the filesystem has not changed, the container's checksum has and that makes it difficult to identify the contents of a container image.
Analyzer
Data Model
https://github.com/tern-tools/tern/blob/main/docs/data-model.md#terns-data-model
![](
You will also see a class called
Template
. This is an abstract base class used to make custom formats. To learn more see the documentation on creating custom formats.Misc
The text was updated successfully, but these errors were encountered: