Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
BSD 2-Clause "Simplified" License
Invalid chars included in SPDX declared licenses #1225
Tern was including commas and other invalid characters in SPDX license expressions which resulted in failed validation for generated SPDX docs. This commit removes the inappropriate characters and replaces them with valid ones (i.e. swapping & for and) before checking if a license expression is valid. It also updates the related function descriptions and comments for clarity.
Fixes: #1223
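To illustrate the normalization step the PR describes, here is an added example (not Tern's own code) that rewrites characters SPDX does not allow and then checks the result against a simplified SPDX expression grammar. It assumes that a comma, like `&`, stands for a conjunction; the PR only states the `&` to `and` swap.

```python
import re

# Assumed replacements (illustrative, not Tern's): '&' is swapped for 'and'
# as the PR describes; treating ',' the same way is this example's assumption.
_REPLACEMENTS = [("&", " and "), (",", " and ")]
# SPDX license/exception ids: letters, digits, '-', '.', optional trailing '+'
_ID_RE = re.compile(r"^[A-Za-z0-9.\-]+\+?$")
_OPERATORS = {"AND", "OR", "WITH"}


def sanitize_license(raw: str) -> str:
    """Rewrite characters that are invalid in an SPDX expression."""
    text = raw
    for bad, good in _REPLACEMENTS:
        text = text.replace(bad, good)
    # anything left outside the SPDX expression alphabet becomes whitespace
    text = re.sub(r"[^A-Za-z0-9.\-+() ]", " ", text)
    return " ".join(text.split())


def is_valid_spdx_expression(expr: str) -> bool:
    """Accept 'operand (OP operand)*' with balanced parentheses."""
    tokens = re.findall(r"\(|\)|[^\s()]+", expr)
    if not tokens:
        return False
    expect_operand, depth = True, 0
    for tok in tokens:
        if tok == "(":
            if not expect_operand:
                return False
            depth += 1
        elif tok == ")":
            if expect_operand or depth == 0:
                return False
            depth -= 1
        elif tok.upper() in _OPERATORS:
            if expect_operand:
                return False
            expect_operand = True
        else:
            if not expect_operand or not _ID_RE.match(tok):
                return False
            expect_operand = False
    return depth == 0 and not expect_operand


def normalize_license(raw: str):
    """Sanitize first, then validate; None means the string is still unusable."""
    cleaned = sanitize_license(raw)
    return cleaned if is_valid_spdx_expression(cleaned) else None
```

Sanitizing does not guarantee validity: a string such as `Apache-2.0 / MIT` loses the slash and is still rejected, which is why the validation check stays after the rewrite.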