search

tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
BSD 2-Clause "Simplified" License
967 stars 188 forks source link

feat: accepting skopeo full path #1191

Closed Ruivalim closed 1 year ago

Ruivalim commented 2 years ago

This is a small fix for the issue I opened about not been able to use local images with tern.

rnjudge commented 1 year ago

Hi @ruivalim -- thanks so much for this PR and your related issue! Apologies for the delay, I am just returning from maternity leave. This change looks good. I just have two small requests: 1) Can you add a commit message describing the changes you made so that we have a good record of updates to the project in the changelog (more info here: https://github.com/tern-tools/tern/blob/ce1c6d23477d8c1a91198637f2f250735e5db422/CONTRIBUTING.md#commit-message-format) and, 2) can you update Tern's report menu option to add a note that local image support is available using the docker-daemon: prefix to the local image? Right now, the image option description says: A container image referred either by repo:tag or repo@digest-type:digest but we should add something about the local image usingn the docker-dameon: prefix. Also curious.. did you try the tern report --raw-image FILE option with your local image at all? This is Tern's current method of supporting local images but wondering if it didn't work for you.

rnjudge commented 1 year ago

Ping again @Ruivalim :) Any chance you can make those updates in the next week? If not, I am happy to take over the PR and update for you.

Thanks!

Ruivalim commented 1 year ago

Hi @rnjudge,

I've been sick for the past week and couldn't work on this properly, my plan is to work this on Monday.

Thank you for the feedback!

rnjudge commented 1 year ago

Hi @Ruivalim - I hope you are feeling better! I am really hoping to get a release out the door by the end of the week. If you're able to work on this by tomorrow, that's great! Otherwise, I will take over the PR (and still give you credit) so we can get this wonderful fix merged to be included in the release.

Thanks!

rnjudge commented 1 year ago

See: https://github.com/tern-tools/tern/pull/1198

Ruivalim commented 1 year ago

Hi @rnjudge

Thank you for the help, I got a little worse over that weekend and had to take another week off.

I appreciate the help with this.