Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
An SPDXID is generated using the package name and version metadata. Some
versions, however, contain an underscore in them and an SPDXID cannot
contain an underscore character. This commit replaces underscores in
SPDXIDs with a dash.
Resolves #1143
Signed-off-by: Marc-Etienne Vargenau marc-etienne.vargenau@nokia.com
Signed-off-by: Rose Judge rjudge@vmware.com
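The sanitizing step the commit message describes, as an added example that is not Tern's code. It goes beyond underscores to any character outside the SPDX 2.x identifier set (letters, digits, `.` and `-`) and keeps identifiers unique when two versions sanitize to the same string; the function names, the `-dupN` suffix and the sample packages are assumptions made for illustration.

```python
import re

# SPDX 2.x element identifiers: "SPDXRef-" plus letters, digits, "." or "-".
SPDXID_RE = re.compile(r"SPDXRef-[A-Za-z0-9.-]+")
INVALID_CHARS = re.compile(r"[^A-Za-z0-9.-]")


def is_valid_spdxid(spdxid):
    """Return True if the string is a well-formed SPDX element identifier."""
    return SPDXID_RE.fullmatch(spdxid) is not None


def make_spdxid(name, version):
    """Hypothetical helper: join name and version, replacing invalid characters with a dash."""
    if not name:
        raise ValueError("package name is required")
    raw = f"{name}-{version}" if version else name
    return "SPDXRef-" + INVALID_CHARS.sub("-", raw)


def assign_spdxids(packages):
    """Give each distinct (name, version) pair a valid identifier unique in the document.

    Replacement is lossy ("1.1.1_p1" and "1.1.1-p1" sanitize to the same
    string), so a collision gets a "-dupN" suffix instead of silently
    merging two different packages under one identifier.
    """
    ids, taken = {}, set()
    for name, version in packages:
        if (name, version) in ids:
            continue
        base = make_spdxid(name, version)
        candidate, n = base, 1
        while candidate in taken:
            n += 1
            candidate = f"{base}-dup{n}"
        taken.add(candidate)
        ids[(name, version)] = candidate
    return ids


# Constructed sample input, not taken from a real image.
SAMPLE = [
    ("libssl", "1.1.1_p1"),
    ("libssl", "1.1.1-p1"),
    ("gcc", "1:10.2.1~6"),
    ("python3", "3.9.2"),
]

if __name__ == "__main__":
    for pkg, spdxid in assign_spdxids(SAMPLE).items():
        print(pkg, "->", spdxid, is_valid_spdxid(spdxid))
```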