Investigating the software packages used inside a container with "TERN"

Posted at 2020-07-28

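Introduction: what is TERN?

This article introduces how to use Tern and the results it produces. Tern is a tool that analyses the software packages inside a container; the project describes it as "Tern is a software package inspection tool for containers. It's written in Python3 with a smattering of shell scripts." It can also call Scancode-toolkit to check the OSS licenses of the detected packages, and call cve-bin-tool to check vulnerability information for the detected packages.

Installing TERN

Besides installing from source, TERN can be installed with pip or with Vagrant. As of July 2020 the latest version of TERN is 2.1.1, and this article shows the output and results of that version.

Prerequisites

This article uses Ubuntu 18.04 and Python 3.6; details are in the sections below.

How to install Docker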
$ sudo apt install -y apt-transport-https ca-certificates curl software-properties-common
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
        $(lsb_release -cs) \
        stable"
$ sudo apt-get update
$ sudo apt-get install docker-ce

# Option 
$ sudo groupadd docker
$ sudo adduser $(whoami) docker
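$ sudo chmod 666 /var/run/docker.sock # note: mode 666 lets every local user control the Docker daemon (root-equivalent); the docker group above is enough after logging in again
$ docker images # verify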

# proxy setting
$ mkdir ~/.docker/
$ vim ~/.docker/config.json

config.json
{
 "proxies":
 {
   "default":
   {
     "httpProxy": "http://127.0.0.1:3001",
     "httpsProxy": "http://127.0.0.1:3001",
     "noProxy": "*.test.example.com,.example2.com"
   }
 }
}

For details on installing Docker, see:
https://docs.docker.com/engine/install/ubuntu/

Proxy configuration example
$ sudo mkdir -p /etc/systemd/system/docker.service.d
$ echo -e "[Service]\nEnvironment=\"HTTP_PROXY=http://your.proxy.url:port/\"" | sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf

[Service]
Environment="HTTP_PROXY=http://your.proxy.url:port/" "HTTPS_PROXY=https://your.proxy.url:port/"

$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
$ sudo usermod -aG docker $USER 

Building the virtual environment
$ sudo apt update -y
$ sudo apt install -y attr
$ sudo apt install -y git
$ sudo apt install -y python3.6  
$ sudo apt install -y python3-venv
$ python3 -m venv ternenv #Create a python3 virtual environment
$ cd ternenv
$ source bin/activate #start virtual environment
$ deactivate # end environment
Virtual environment example
hama@docker-license:~/TERN/ternenv-new$ ls
bin  include  lib  lib64  pyvenv.cfg  share  tern
hama@docker-license:~/TERN/ternenv-new$ source bin/activate
(ternenv-new) hama@docker-license:~/TERN/ternenv-new$ deactivate
hama@docker-license:~/TERN/ternenv-new$

Installing with pip

Run the following in the virtual environment created above.

$ pip3 install tern
Tern installation output

hama@docker-license:~/TERN/ternenv$  source bin/activate
(ternenv) hama@docker-license:~/TERN/ternenv$ pip install tern
Collecting tern
  Downloading https://files.pythonhosted.org/packages/86/46/a45a339ee97c6756e036c222cd0bd416c9088445656a3b96d04676ac536e/tern-2.1.0-py3-none-any.whl (98kB)
    100% |████████████████████████████████| 102kB 2.2MB/s
Collecting idna==2.9 (from tern)
  Downloading https://files.pythonhosted.org/packages/89/e3/afebe61c546d18fb1709a61bee788254b40e736cff7271c7de5de2dc4128/idna-2.9-py2.py3-none-any.whl (58kB)
    100% |████████████████████████████████| 61kB 6.1MB/s
Collecting dockerfile-parse==0.0.17 (from tern)
  Downloading https://files.pythonhosted.org/packages/d3/0d/650e77c15ba4975e203d6f26a6ce16cb72d935541f09a0188fa6e62ce621/dockerfile_parse-0.0.17-py2.py3-none-any.whl
Collecting stevedore==1.32.0 (from tern)
  Downloading https://files.pythonhosted.org/packages/e6/49/a35dd566626892d577e426dbe5ea424dd7fbe10645f2c1070dcba474eca9/stevedore-1.32.0-py2.py3-none-any.whl (43kB)
    100% |████████████████████████████████| 51kB 9.0MB/s
Collecting certifi==2020.4.5.1 (from tern)
  Downloading https://files.pythonhosted.org/packages/57/2b/26e37a4b034800c960a00c4e1b3d9ca5d7014e983e6e729e33ea2f36426c/certifi-2020.4.5.1-py2.py3-none-any.whl (157kB)
    100% |████████████████████████████████| 163kB 2.3MB/s
Collecting docker==4.2.0 (from tern)
  Downloading https://files.pythonhosted.org/packages/58/74/379a9d30b1620def158c40b88c43e01c1936a287ebb97afab0699c601c57/docker-4.2.0-py2.py3-none-any.whl (143kB)
    100% |████████████████████████████████| 153kB 5.2MB/s
Collecting pyyaml==5.3.1 (from tern)
  Downloading https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz (269kB)
    100% |████████████████████████████████| 276kB 1.6MB/s
Collecting websocket-client==0.57.0 (from tern)
  Downloading https://files.pythonhosted.org/packages/4c/5f/f61b420143ed1c8dc69f9eaec5ff1ac36109d52c80de49d66e0c36c3dfdf/websocket_client-0.57.0-py2.py3-none-any.whl (200kB)
    100% |████████████████████████████████| 204kB 1.7MB/s
Collecting pbr==5.4.5 (from tern)
  Downloading https://files.pythonhosted.org/packages/96/ba/aa953a11ec014b23df057ecdbc922fdb40ca8463466b1193f3367d2711a6/pbr-5.4.5-py2.py3-none-any.whl (110kB)
    100% |████████████████████████████████| 112kB 2.8MB/s
Collecting requests==2.23.0 (from tern)
  Downloading https://files.pythonhosted.org/packages/1a/70/1935c770cb3be6e3a8b78ced23d7e0f3b187f5cbfab4749523ed65d7c9b1/requests-2.23.0-py2.py3-none-any.whl (58kB)
    100% |████████████████████████████████| 61kB 7.7MB/s
Collecting six==1.15.0 (from tern)
  Downloading https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl
Collecting urllib3==1.25.9 (from tern)
  Downloading https://files.pythonhosted.org/packages/e1/e5/df302e8017440f111c11cc41a6b432838672f5a70aa29227bf58149dc72f/urllib3-1.25.9-py2.py3-none-any.whl (126kB)
    100% |████████████████████████████████| 133kB 3.0MB/s
Collecting attrs==19.3.0 (from tern)
  Downloading https://files.pythonhosted.org/packages/a2/db/4313ab3be961f7a763066401fb77f7748373b6094076ae2bda2806988af6/attrs-19.3.0-py2.py3-none-any.whl
Collecting debut==0.9.4 (from tern)
  Downloading https://files.pythonhosted.org/packages/fa/73/eb4b0de5e9575c5c3e629d6c83d015afac548ad09dbc5d6b6330918bf9c2/debut-0.9.4-py2.py3-none-any.whl
Collecting chardet==3.0.4 (from tern)
  Downloading https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl (133kB)
    100% |████████████████████████████████| 143kB 2.5MB/s
Building wheels for collected packages: pyyaml
  Running setup.py bdist_wheel for pyyaml ... error
  Complete output from command /home/hama/TERN/ternenv/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-2w8qjj6j/pyyaml/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/tmpspcwa0whpip-wheel- --python-tag cp36:
  usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
     or: -c --help [cmd1 cmd2 ...]
     or: -c --help-commands
     or: -c cmd --help

  error: invalid command 'bdist_wheel'

  ----------------------------------------
  Failed building wheel for pyyaml
  Running setup.py clean for pyyaml
Failed to build pyyaml
Installing collected packages: idna, six, dockerfile-parse, pbr, stevedore, certifi, chardet, urllib3, requests, websocket-client, docker, pyyaml, attrs, debut, tern
  Running setup.py install for pyyaml ... done
Successfully installed attrs-19.3.0 certifi-2020.4.5.1 chardet-3.0.4 debut-0.9.4 docker-4.2.0 dockerfile-parse-0.0.17 idna-2.9 pbr-5.4.5 pyyaml-5.3.1 requests-2.23.0 six-1.15.0 stevedore-1.32.0 tern-2.1.0 urllib3-1.25.9 websocket-client-0.57.0
(ternenv) hama@docker-license:~/TERN/ternenv$

If the installation succeeded, the version can be checked as follows.

Checking the Tern version
(ternenv) hama@docker-license:~/TERN/ternenv$ tern --version
Tern version 2.1.0
   python version = 3.6.9 (default, Apr 18 2020, 01:56:04)

Installing the Tern Docker image

Install with Docker
$  docker build -t ternd .
Tern Docker image installation output
beach@debian:~/openchaintools/tern$  docker build -t ternd .
Sending build context to Docker daemon  10.55MB
Step 1/5 : FROM photon:3.0
3.0: Pulling from library/photon
3e2574d05192: Pull complete
Digest: sha256:c433475c637adcd81c9434f57decaa417409ef9ebbe174880c7831352ba2353e
Status: Downloaded newer image for photon:3.0
 ---> a3bbbff46f10
Step 2/5 : RUN tdnf remove -y toybox && tdnf install -y tar findutils attr util-linux python3 python3-pip python3-setuptools git && pip3 install --upgrade pip && pip3 install tern
 ---> Running in 53ab81e9e805
Refreshing metadata for: 'VMware Photon Linux 3.0 (x86_64) Updates'
Refreshing metadata for: 'VMware Photon Extras 3.0 (x86_64)'
Refreshing metadata for: 'VMware Photon Linux 3.0 (x86_64)'

Installing:
gmp                      x86_64       6.1.2-3.ph3      photon-updates 524.08k 536656
grep                     x86_64       3.1-2.ph3        photon-updates 241.50k 247301
coreutils                x86_64       8.30-2.ph3       photon-updates   5.84M 6127774

Total installed size:   6.59M 6911731

Removing:
toybox                   x86_64       0.8.2-1.ph3      @System      343.17k 351410

Total installed size: 343.17k 351410

Downloading:



Testing transaction
Running transaction
Installing/Updating: gmp-6.1.2-3.ph3.x86_64
Installing/Updating: coreutils-8.30-2.ph3.x86_64
Installing/Updating: grep-3.1-2.ph3.x86_64
Removing: toybox-0.8.2-1.ph3.x86_64

Complete!


Installing:
libgcrypt                x86_64       1.8.5-1.ph3      photon-updates   1.18M 1232716
pcre-libs                x86_64       8.42-1.ph3       photon       278.01k 284680
glib                     x86_64       2.58.0-4.ph3     photon-updates   3.11M 3265152
openldap                 x86_64       2.4.48-2.ph3     photon-updates   1.59M 1666001
libgpg-error             x86_64       1.32-1.ph3       photon       203.31k 208186
kmod                     x86_64       25-1.ph3         photon       247.49k 253427
elfutils                 x86_64       0.176-1.ph3      photon-updates   1.74M 1821041
systemd                  x86_64       239-24.ph3       photon-updates  20.19M 21173459
cracklib                 x86_64       2.9.6-8.ph3      photon        43.37k 44408
Linux-PAM                x86_64       1.3.0-1.ph3      photon         1.06M 1113660
cyrus-sasl               x86_64       2.1.26-16.ph3    photon-updates 637.70k 653008
serf                     x86_64       1.3.9-1.ph3      photon       110.17k 112816
subversion               x86_64       1.10.2-5.ph3     photon-updates   7.75M 8128609
apr                      x86_64       1.6.5-2.ph3      photon-updates 619.72k 634595
libstdc++                x86_64       7.3.0-4.ph3      photon         1.62M 1694772
nss                      x86_64       3.44-4.ph3       photon-updates   2.19M 2298787
utf8proc                 x86_64       2.2.0-1.ph3      photon       321.91k 329632
apr-util                 x86_64       1.6.1-2.ph3      photon       267.83k 274263
subversion-perl          x86_64       1.10.2-5.ph3     photon-updates   4.90M 5138434
pkg-config               x86_64       0.29.2-2.ph3     photon       610.51k 625164
python2-libs             x86_64       2.7.17-4.ph3     photon-updates  15.55M 16309966
python2                  x86_64       2.7.17-4.ph3     photon-updates   1.83M 1913661
gdbm                     x86_64       1.18-1.ph3       photon       256.88k 263044
perl                     x86_64       5.28.0-7.ph3     photon-updates  56.89M 59655796
ncurses                  x86_64       6.1-2.ph3        photon-updates 357.89k 366475
libffi                   x86_64       3.2.1-6.ph3      photon        39.28k 40224
perl-DBI                 x86_64       1.641-1.ph3      photon         1.81M 1898474
perl-YAML                noarch       1.26-1.ph3       photon       132.69k 135872
perl-CGI                 noarch       4.40-1.ph3       photon       538.61k 551538
python3-xml              x86_64       3.7.5-3.ph3      photon-updates 333.69k 341698
xz                       x86_64       5.2.4-1.ph3      photon       166.45k 170445
python3-libs             x86_64       3.7.5-3.ph3      photon-updates  22.88M 23992074
util-linux-libs          x86_64       2.32.1-2.ph3     photon-updates 723.08k 740432
git                      x86_64       2.23.3-1.ph3     photon-updates  24.89M 26100865
python3-setuptools       noarch       3.7.5-3.ph3      photon-updates   1.61M 1692186
python3-pip              noarch       3.7.5-3.ph3      photon-updates   4.28M 4489641
python3                  x86_64       3.7.5-3.ph3      photon-updates   2.90M 3044206
util-linux               x86_64       2.32.1-2.ph3     photon-updates   5.27M 5528420
attr                     x86_64       2.4.48-1.ph3     photon        87.45k 89546
findutils                x86_64       4.6.0-5.ph3      photon       518.63k 531082
tar                      x86_64       1.30-4.ph3       photon-updates   4.65M 4880464

Total installed size: 194.25M 203688919

Downloading:

Testing transaction
Running transaction
Installing/Updating: util-linux-libs-2.32.1-2.ph3.x86_64
Installing/Updating: apr-1.6.5-2.ph3.x86_64
Installing/Updating: xz-5.2.4-1.ph3.x86_64
Installing/Updating: libffi-3.2.1-6.ph3.x86_64
Installing/Updating: ncurses-6.1-2.ph3.x86_64
Installing/Updating: gdbm-1.18-1.ph3.x86_64
Installing/Updating: perl-5.28.0-7.ph3.x86_64
Installing/Updating: pkg-config-0.29.2-2.ph3.x86_64
Installing/Updating: python2-libs-2.7.17-4.ph3.x86_64
Installing/Updating: python2-2.7.17-4.ph3.x86_64
Installing/Updating: python3-3.7.5-3.ph3.x86_64
Installing/Updating: python3-libs-3.7.5-3.ph3.x86_64
Installing/Updating: utf8proc-2.2.0-1.ph3.x86_64
Installing/Updating: libstdc++-7.3.0-4.ph3.x86_64
Installing/Updating: libgpg-error-1.32-1.ph3.x86_64
Installing/Updating: libgcrypt-1.8.5-1.ph3.x86_64
Installing/Updating: elfutils-0.176-1.ph3.x86_64
Installing/Updating: nss-3.44-4.ph3.x86_64
Installing/Updating: apr-util-1.6.1-2.ph3.x86_64
Installing/Updating: python3-xml-3.7.5-3.ph3.x86_64
Installing/Updating: perl-DBI-1.641-1.ph3.x86_64
Installing/Updating: perl-YAML-1.26-1.ph3.noarch
Installing/Updating: perl-CGI-4.40-1.ph3.noarch
Installing/Updating: kmod-25-1.ph3.x86_64
Installing/Updating: cracklib-2.9.6-8.ph3.x86_64
using empty dict to provide pw_dict
Installing/Updating: Linux-PAM-1.3.0-1.ph3.x86_64
Installing/Updating: pcre-libs-8.42-1.ph3.x86_64
Installing/Updating: glib-2.58.0-4.ph3.x86_64
Installing/Updating: systemd-239-24.ph3.x86_64
Installing/Updating: cyrus-sasl-2.1.26-16.ph3.x86_64
Installing/Updating: openldap-2.4.48-2.ph3.x86_64
Installing/Updating: serf-1.3.9-1.ph3.x86_64
Installing/Updating: subversion-1.10.2-5.ph3.x86_64
Installing/Updating: subversion-perl-1.10.2-5.ph3.x86_64
Installing/Updating: git-2.23.3-1.ph3.x86_64
Installing/Updating: python3-pip-3.7.5-3.ph3.noarch
Installing/Updating: python3-setuptools-3.7.5-3.ph3.noarch
Installing/Updating: util-linux-2.32.1-2.ph3.x86_64
Installing/Updating: tar-1.30-4.ph3.x86_64
Installing/Updating: findutils-4.6.0-5.ph3.x86_64
Installing/Updating: attr-2.4.48-1.ph3.x86_64

Complete!
Collecting pip
  Downloading https://files.pythonhosted.org/packages/43/84/23ed6a1796480a6f1a2d38f2802901d078266bda38388954d01d3f2e821d/pip-20.1.1-py2.py3-none-any.whl (1.5MB)
Installing collected packages: pip
  Found existing installation: pip 19.2.3
    Uninstalling pip-19.2.3:
      Successfully uninstalled pip-19.2.3
Successfully installed pip-20.1.1
Collecting tern
  Downloading tern-2.1.0-py3-none-any.whl (98 kB)
Collecting urllib3==1.25.9
  Downloading urllib3-1.25.9-py2.py3-none-any.whl (126 kB)
Collecting dockerfile-parse==0.0.17
  Downloading dockerfile_parse-0.0.17-py2.py3-none-any.whl (13 kB)
Collecting idna==2.9
  Downloading idna-2.9-py2.py3-none-any.whl (58 kB)
Collecting requests==2.23.0
  Downloading requests-2.23.0-py2.py3-none-any.whl (58 kB)
Collecting stevedore==1.32.0
  Downloading stevedore-1.32.0-py2.py3-none-any.whl (43 kB)
Collecting pbr==5.4.5
  Downloading pbr-5.4.5-py2.py3-none-any.whl (110 kB)
Collecting debut==0.9.4
  Downloading debut-0.9.4-py2.py3-none-any.whl (38 kB)
Collecting websocket-client==0.57.0
  Downloading websocket_client-0.57.0-py2.py3-none-any.whl (200 kB)
Collecting pyyaml==5.3.1
  Downloading PyYAML-5.3.1.tar.gz (269 kB)
Collecting chardet==3.0.4
  Downloading chardet-3.0.4-py2.py3-none-any.whl (133 kB)
Collecting certifi==2020.4.5.1
  Downloading certifi-2020.4.5.1-py2.py3-none-any.whl (157 kB)
Collecting six==1.15.0
  Downloading six-1.15.0-py2.py3-none-any.whl (10 kB)
Collecting attrs==19.3.0
  Downloading attrs-19.3.0-py2.py3-none-any.whl (39 kB)
Collecting docker==4.2.0
  Downloading docker-4.2.0-py2.py3-none-any.whl (143 kB)
Using legacy setup.py install for pyyaml, since package 'wheel' is not installed.
Installing collected packages: urllib3, six, dockerfile-parse, idna, certifi, chardet, requests, pbr, stevedore, attrs, debut, websocket-client, pyyaml, docker, tern
    Running setup.py install for pyyaml: started
    Running setup.py install for pyyaml: finished with status 'done'
Successfully installed attrs-19.3.0 certifi-2020.4.5.1 chardet-3.0.4 debut-0.9.4 docker-4.2.0 dockerfile-parse-0.0.17 idna-2.9 pbr-5.4.5 pyyaml-5.3.1 requests-2.23.0 six-1.15.0 stevedore-1.32.0 tern-2.1.0 urllib3-1.25.9 websocket-client-0.57.0
Removing intermediate container 53ab81e9e805
 ---> 6a1de035c682
Step 3/5 : RUN mkdir hostmount
 ---> Running in 7bd909d217aa
Removing intermediate container 7bd909d217aa
 ---> e2db6c57008b
Step 4/5 : ENTRYPOINT ["tern", "-q", "-b", "/hostmount"]
 ---> Running in fba412956e94
Removing intermediate container fba412956e94
 ---> ecaceed787bd
Step 5/5 : CMD ["-h"]
 ---> Running in 8de2ddd7e3f1
Removing intermediate container 8de2ddd7e3f1
 ---> 1bca18e30cc4
Successfully built 1bca18e30cc4
Successfully tagged ternd:latest


Building from source

To use the latest Tern, install it by running the following. This article mostly proceeds with a Tern installed this way.

$ python3 -m venv ternenv-new1
$ cd ternenv-new1/
$ source bin/activate
$ git clone https://github.com/tern-tools/tern.git
$ cd tern
$ pip3 install -r requirements.txt

# In environments where loading from Docker takes a long time, change the timeout at L.38 of the following file
$  vim tern/analyze/docker/container.py

$ python3 setup.py install

(Note) For the timeout, see:
https://www.gitmemory.com/issue/vmware/tern/630/611237133

If the installation above completed without problems, the latest version is installed, which can be confirmed as follows.

Confirming TERN version 2.1.1
$ tern  --version
Tern version 2.1.1
   python version = 3.6.9 (default, Apr 18 2020, 01:56:04)

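Using TERN

As noted in the introduction, tern can also use scancode and cve-bin-tool as extensions, which makes it possible to check OSS licenses and vulnerabilities. This section shows how to use TERN on its own and how to use it together with Scancode and cve-bin-tool.

TERN analysis and result output

First, here is how to investigate the packages in a container image with TERN alone.

Basically, the tern command is used with the required options combined as follows.

Running Tern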
$ tern report -o output.txt -i debian:buster

[-o] specifies the output file name and [-i] specifies the image to investigate. The Docker images can be listed as shown below, and the [-i] option must be given in the form [REPOSITORY]:[TAG].

Listing Docker images
$ docker images
REPOSITORY                                                   TAG                 IMAGE ID            CREATED             SIZE
golang                                                       1.14.4              00d970a31ef2        3 weeks ago         810MB
golang                                                       latest              00d970a31ef2        3 weeks ago         810MB
ubuntu                                                       latest              74435f89ab78        4 weeks ago         73.9MB
debian                                                       buster              1b686a95ddbf        5 weeks ago         114MB
fossology/fossology                                          3.8.1               164d5611fa8d        8 weeks ago         644MB

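Other options include [-q], which suppresses the output, and [-k], which keeps the working directory for debugging. In v2.1.1 it is also possible to target a tar file of a raw container image saved locally with [-w] or [--raw-image], which did not work in v2.1.0 because of a bug.

See the following for details.

Tern options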
$ tern --help
usage: Tern [-h] [-q] [-c] [-k] [-b BIND_DIR] [-r] [-wd PATH] [-v]
            {report,lock} ...

    Tern is a container image component curation tool. Tern retrieves
    information about packages that are installed in a container image.
    Learn more at https://github.com/tern-tools/tern

positional arguments:
  {report,lock}         Subcommands
    report              Create a BoM report. Run 'tern report -h' for report format options.
    lock                Create an annotated Dockerfile that will pin the information it finds. Use this option to help achieve a more repeatable container image build.

optional arguments:
  -h, --help            show this help message and exit
  -q, --quiet           Silences the output to the terminal;Useful when logging behaviour unnecessary
  -c, --clear-cache     Clear the cache before running
  -k, --keep-wd         Keep the working directory after execution. Useful when debugging container images
  -b BIND_DIR, --bind-mount BIND_DIR
                        Absolute path to bind mount target. Needed when running from within a container.

  -r, --redo            Repopulate the cache for found layers
  -wd PATH, --working-dir PATH
                        Change default working directory to specifiedabsolute path.
  -v, --version         show program's version number and exit

When the debian:buster image is actually analysed, the terminal shows the following.

Tern run output
$ tern report -o output.txt -i debian:buster
2020-06-19 16:30:37,688 - DEBUG - __main__ - Starting...
2020-06-19 16:30:37,688 - DEBUG - run - Setting up...
2020-06-19 16:30:37,692 - DEBUG - container - Checking if image "debian:buster" is available on disk...
2020-06-19 16:30:37,694 - DEBUG - container - Attempting to pull image "debian:buster"
2020-06-19 16:31:03,144 - DEBUG - container - Image "debian:buster" downloaded
2020-06-19 16:31:03,145 - DEBUG - container - Checking if image "debian:buster" is available on disk...
2020-06-19 16:31:03,147 - DEBUG - container - Image "debian:buster" found
2020-06-19 16:31:05,908 - DEBUG - rootfs - Running command: tar -tf /home/hama/.tern/temp.tar
2020-06-19 16:31:05,911 - DEBUG - rootfs - Running command: tar -x --exclude=.wh.* -f /home/hama/.tern/temp.tar -C /home/hama/.tern/temp
2020-06-19 16:31:06,080 - DEBUG - rootfs - Running command: tar -tf /home/hama/.tern/temp/f7e7c23401d7e2b69d969f9a1d6daa273774cc3a0e871c08770721ff7f30b58a/layer.tar
2020-06-19 16:31:06,106 - DEBUG - rootfs - Running command: tar -x --exclude=.wh.* -f /home/hama/.tern/temp/f7e7c23401d7e2b69d969f9a1d6daa273774cc3a0e871c08770721ff7f30b58a/layer.tar -C /home/hama/.tern/temp/f7e7c23401d7e2b69d969f9a1d6daa273774cc3a0e871c08770721ff7f30b58a/contents
2020-06-19 16:31:06,467 - DEBUG - rootfs - Running command: sudo /home/hama/TERN/ternenv/lib/python3.6/site-packages/tern/tools/fs_hash.sh /home/hama/.tern/temp/f7e7c23401d7e2b69d969f9a1d6daa273774cc3a0e871c08770721ff7f30b58a/contents
2020-06-19 16:31:16,451 - DEBUG - common - Reading files in filesystem...
2020-06-19 16:31:19,372 - DEBUG - rootfs - Running command: sudo mount -o bind /home/hama/.tern/temp/f7e7c23401d7e2b69d969f9a1d6daa273774cc3a0e871c08770721ff7f30b58a/contents /home/hama/.tern/temp/mergedir
2020-06-19 16:31:19,387 - DEBUG - rootfs - Running command: sudo mount -t proc /proc /home/hama/.tern/temp/mergedir/proc
2020-06-19 16:31:19,396 - DEBUG - rootfs - Running command: sudo mount -o bind /sys /home/hama/.tern/temp/mergedir/sys
2020-06-19 16:31:19,407 - DEBUG - rootfs - Running command: sudo mount -o bind /dev /home/hama/.tern/temp/mergedir/dev
2020-06-19 16:31:19,419 - DEBUG - rootfs - Running command: sudo cp /etc/resolv.conf /home/hama/.tern/temp/mergedir/etc/resolv.conf
2020-06-19 16:31:19,427 - DEBUG - rootfs - Running command: sudo unshare -pf --mount-proc=/home/hama/.tern/temp/mergedir/proc chroot /home/hama/.tern/temp/mergedir /bin/sh -c dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'
2020-06-19 16:31:19,498 - DEBUG - rootfs - Running command: sudo unshare -pf --mount-proc=/home/hama/.tern/temp/mergedir/proc chroot /home/hama/.tern/temp/mergedir /bin/sh -c pkgs=`dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'` && for p in $pkgs; do dpkg -l $p | awk 'NR>5 {print $3}'; done
2020-06-19 16:31:19,938 - DEBUG - rootfs - Running command: sudo unshare -pf --mount-proc=/home/hama/.tern/temp/mergedir/proc chroot /home/hama/.tern/temp/mergedir /bin/sh -c pkgs=`dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'` && for p in $pkgs; do /bin/cat /usr/share/doc/$p/copyright; echo LICF; done
2020-06-19 16:31:20,253 - WARNING - common - Inconsistent lengths for key: proj_urls
2020-06-19 16:31:20,263 - DEBUG - rootfs - Running command: sudo umount /home/hama/.tern/temp/mergedir/proc
2020-06-19 16:31:20,334 - DEBUG - rootfs - Running command: sudo umount /home/hama/.tern/temp/mergedir/sys
2020-06-19 16:31:20,366 - DEBUG - rootfs - Running command: sudo umount /home/hama/.tern/temp/mergedir/dev
2020-06-19 16:31:20,402 - DEBUG - rootfs - Running command: sudo umount -rl /home/hama/.tern/temp/mergedir
2020-06-19 16:31:20,780 - DEBUG - generator - Creating a detailed report of components in image...
2020-06-19 16:31:20,784 - DEBUG - rootfs - Running command: sudo rm -rf /home/hama/.tern/temp/f7e7c23401d7e2b69d969f9a1d6daa273774cc3a0e871c08770721ff7f30b58a/contents
2020-06-19 16:31:20,929 - DEBUG - run - Teardown...
2020-06-19 16:31:29,465 - DEBUG - rootfs - Running command: sudo rm -rf /home/hama/.tern/temp/mergedir
2020-06-19 16:31:29,474 - DEBUG - rootfs - Running command: sudo rm -rf /home/hama/.tern/temp/workdir
2020-06-19 16:31:29,503 - DEBUG - __main__ - Report completed.
2020-06-19 16:31:29,503 - DEBUG - __main__ - Finished
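
The log above shows that Tern does its work through sudo: it bind-mounts the host's /proc, /sys and /dev into the unpacked image, runs the image's own /bin/sh under chroot, and then unmounts and deletes the working tree. The following Python script is an added example (not code from this article or from the Tern project) that replays such a debug log and reports what ran as root, what was executed inside the image, and which mounts are still in place if a run stopped early. The function names are assumptions of the example, and the layer directory in the sample is shortened.

```python
import re

CMD_RE = re.compile(r" - DEBUG - rootfs - Running command: (?P<cmd>.+)$")

T = "/home/hama/.tern/temp"  # Tern working directory seen in the log above

# Sample input: the mount/chroot/umount sequence from the log above,
# with the layer directory shortened to f7e7c234 (constructed for the example).
SAMPLE_LOG = """\
2020-06-19 16:31:19,372 - DEBUG - rootfs - Running command: sudo mount -o bind <T>/f7e7c234/contents <T>/mergedir
2020-06-19 16:31:19,387 - DEBUG - rootfs - Running command: sudo mount -t proc /proc <T>/mergedir/proc
2020-06-19 16:31:19,396 - DEBUG - rootfs - Running command: sudo mount -o bind /sys <T>/mergedir/sys
2020-06-19 16:31:19,407 - DEBUG - rootfs - Running command: sudo mount -o bind /dev <T>/mergedir/dev
2020-06-19 16:31:19,419 - DEBUG - rootfs - Running command: sudo cp /etc/resolv.conf <T>/mergedir/etc/resolv.conf
2020-06-19 16:31:19,427 - DEBUG - rootfs - Running command: sudo unshare -pf --mount-proc=<T>/mergedir/proc chroot <T>/mergedir /bin/sh -c dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'
2020-06-19 16:31:20,263 - DEBUG - rootfs - Running command: sudo umount <T>/mergedir/proc
2020-06-19 16:31:20,334 - DEBUG - rootfs - Running command: sudo umount <T>/mergedir/sys
2020-06-19 16:31:20,366 - DEBUG - rootfs - Running command: sudo umount <T>/mergedir/dev
2020-06-19 16:31:20,402 - DEBUG - rootfs - Running command: sudo umount -rl <T>/mergedir
2020-06-19 16:31:29,465 - DEBUG - rootfs - Running command: sudo rm -rf <T>/mergedir
""".replace("<T>", T)

# Constructed failure case: the run stops right after the chroot command.
INTERRUPTED_LOG = "\n".join(SAMPLE_LOG.splitlines()[:6])


def commands(log):
    """Return the shell commands Tern logged, in order."""
    found = []
    for line in log.splitlines():
        m = CMD_RE.search(line)
        if m:
            found.append(m.group("cmd"))
    return found


def classify(cmd):
    """Split one command into (runs as root?, kind, argv without sudo)."""
    argv = cmd.split()
    root = bool(argv) and argv[0] == "sudo"
    if root:
        argv = argv[1:]
    if "chroot" in argv:
        kind = "exec-in-image"
    elif argv and argv[0] in ("mount", "umount"):
        kind = argv[0]
    elif argv and argv[0] == "rm":
        kind = "delete"
    else:
        kind = "other"
    return root, kind, argv


def under(path, parent):
    return path == parent or path.startswith(parent + "/")


def audit(log):
    """Replay the log and track mount state across the run."""
    active = []  # mount targets currently mounted
    report = {"root_commands": 0, "exec_in_image": [], "unsafe_deletes": []}
    for cmd in commands(log):
        root, kind, argv = classify(cmd)
        report["root_commands"] += int(root)
        if kind == "exec-in-image":
            # Everything after "chroot <dir>" is run with the image's binaries.
            inside = argv[argv.index("chroot") + 2:]
            report["exec_in_image"].append(" ".join(inside))
        elif kind == "mount":
            active.append(argv[-1])
        elif kind == "umount":
            lazy = any(a.startswith("-") and "l" in a for a in argv[1:-1])
            # A lazy unmount detaches the target together with its submounts.
            active = [m for m in active
                      if not (under(m, argv[-1]) if lazy else m == argv[-1])]
        elif kind == "delete":
            target = argv[-1].rstrip("/")
            live = [m for m in active if under(m, target)]
            if live:  # rm -rf would descend into a live bind mount
                report["unsafe_deletes"].append((target, live))
    report["left_mounted"] = active
    return report


if __name__ == "__main__":
    for name, log in (("complete run", SAMPLE_LOG), ("interrupted run", INTERRUPTED_LOG)):
        r = audit(log)
        print(name, "- root commands:", r["root_commands"])
        print("  executed inside image:", r["exec_in_image"])
        print("  still mounted:", r["left_mounted"])
```

On an interrupted run the host's /dev, /sys and /proc remain bind-mounted under the Tern working directory, so they have to be unmounted before that directory is removed by hand.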

The output format can be chosen from json, yaml, html and SPDX tag-value. For example, to output in html or SPDX tag-value format, run TERN with the [-f] option as follows.

TERN results as html
$ tern report -f html -i golang:1.12-alpine -o report.html

(Note) The html format requires a TERN build from a commit later than the one referenced here; it is not available in the Version 2.1 installed by pip as of July 2020.

TERN results as SPDX tag-value
$ tern report -f spdxtagvalue -i golang:1.12-alpine -o spdx.txt

TERN analysis output using ScanCode

TERN can call Scancode, an OSS tool that detects OSS licenses. To use this feature, scancode must be installed in the same environment as TERN.

Installing scancode
$ pip3 install scancode-toolkit

It is enabled by adding the [-x] option.

Using TERN together with scancode
$ tern report -x scancode -i golang:1.12-alpine -o scancode-tern.txt

TERN analysis output using cve-bin-tool

TERN can call cve-bin-tool, which investigates vulnerabilities. To use this feature, cve-bin-tool must be installed in the same environment as TERN.

$ pip3 install  cve-bin-tool

It is enabled by adding the [-x] option.

Using TERN together with cve-bin-tool
$ tern report -x cve_bin_tool -i golang:1.12-alpine -o cve-bin-tool-out-put.txt
TERN analysis output using cve-bin-tool

(ternenv) beach@beach:~/TERN/ternenv$ tern report -x cve_bin_tool -i golang:1.12-alpine
2020-07-20 16:51:15,956 - DEBUG - __main__ - Starting...
2020-07-20 16:51:15,957 - DEBUG - run - Setting up...
2020-07-20 16:51:15,962 - DEBUG - container - Checking if image "golang:1.12-alpine" is available on disk...
2020-07-20 16:51:15,966 - DEBUG - container - Attempting to pull image "golang:1.12-alpine"
2020-07-20 16:52:19,885 - DEBUG - container - Image "golang:1.12-alpine" downloaded
2020-07-20 16:52:19,886 - DEBUG - container - Checking if image "golang:1.12-alpine" is available on disk...
2020-07-20 16:52:19,889 - DEBUG - container - Image "golang:1.12-alpine" found
2020-07-20 16:52:26,344 - DEBUG - rootfs - Running command: tar -tf /home/beach/.tern/temp.tar
2020-07-20 16:52:26,355 - DEBUG - rootfs - Running command: tar -x --exclude=.wh.* -f /home/beach/.tern/temp.tar -C /home/beach/.tern/temp
2020-07-20 16:52:27,463 - DEBUG - rootfs - Running command: tar -tf /home/beach/.tern/temp/daa4253bbe5a2459c4aa33b3ccac33c06c4e055d6c1093bb477a371ed4a8eef0/layer.tar
2020-07-20 16:52:27,485 - DEBUG - rootfs - Running command: tar -x --exclude=.wh.* -f /home/beach/.tern/temp/daa4253bbe5a2459c4aa33b3ccac33c06c4e055d6c1093bb477a371ed4a8eef0/layer.tar -C /home/beach/.tern/temp/daa4253bbe5a2459c4aa33b3ccac33c06c4e055d6c1093bb477a371ed4a8eef0/contents
2020-07-20 16:52:27,526 - DEBUG - rootfs - Running command: sudo /home/beach/TERN/ternenv/lib/python3.6/site-packages/tern/tools/fs_hash.sh /home/beach/.tern/temp/daa4253bbe5a2459c4aa33b3ccac33c06c4e055d6c1093bb477a371ed4a8eef0/contents
2020-07-20 16:52:27,724 - DEBUG - rootfs - Running command: tar -tf /home/beach/.tern/temp/a4816229dbc332c74de29ac6a705ba1db243d263fe7dd0088062a4495af8672b/layer.tar
2020-07-20 16:52:27,740 - DEBUG - rootfs - Running command: tar -x --exclude=.wh.* -f /home/beach/.tern/temp/a4816229dbc332c74de29ac6a705ba1db243d263fe7dd0088062a4495af8672b/layer.tar -C /home/beach/.tern/temp/a4816229dbc332c74de29ac6a705ba1db243d263fe7dd0088062a4495af8672b/contents
2020-07-20 16:52:27,771 - DEBUG - rootfs - Running command: sudo /home/beach/TERN/ternenv/lib/python3.6/site-packages/tern/tools/fs_hash.sh /home/beach/.tern/temp/a4816229dbc332c74de29ac6a705ba1db243d263fe7dd0088062a4495af8672b/contents
2020-07-20 16:52:28,096 - DEBUG - rootfs - Running command: tar -tf /home/beach/.tern/temp/17eef46af9e25447ee0fb79ae1b71ca951ba977994ded0c72ada109d3a0f4e93/layer.tar
2020-07-20 16:52:28,101 - DEBUG - rootfs - Running command: tar -x --exclude=.wh.* -f /home/beach/.tern/temp/17eef46af9e25447ee0fb79ae1b71ca951ba977994ded0c72ada109d3a0f4e93/layer.tar -C /home/beach/.tern/temp/17eef46af9e25447ee0fb79ae1b71ca951ba977994ded0c72ada109d3a0f4e93/contents
2020-07-20 16:52:28,106 - DEBUG - rootfs - Running command: sudo /home/beach/TERN/ternenv/lib/python3.6/site-packages/tern/tools/fs_hash.sh /home/beach/.tern/temp/17eef46af9e25447ee0fb79ae1b71ca951ba977994ded0c72ada109d3a0f4e93/contents
2020-07-20 16:52:28,121 - DEBUG - rootfs - Running command: tar -tf /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/layer.tar
2020-07-20 16:52:28,298 - DEBUG - rootfs - Running command: tar -x --exclude=.wh.* -f /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/layer.tar -C /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents
2020-07-20 16:52:29,569 - DEBUG - rootfs - Running command: sudo /home/beach/TERN/ternenv/lib/python3.6/site-packages/tern/tools/fs_hash.sh /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents
2020-07-20 16:52:48,971 - DEBUG - rootfs - Running command: tar -tf /home/beach/.tern/temp/a5eb87b130e3b9e9032b6a544e220c66cba93be2f82927728c1ee27cc15d78d8/layer.tar
2020-07-20 16:52:48,976 - DEBUG - rootfs - Running command: tar -x --exclude=.wh.* -f /home/beach/.tern/temp/a5eb87b130e3b9e9032b6a544e220c66cba93be2f82927728c1ee27cc15d78d8/layer.tar -C /home/beach/.tern/temp/a5eb87b130e3b9e9032b6a544e220c66cba93be2f82927728c1ee27cc15d78d8/contents
2020-07-20 16:52:48,986 - DEBUG - rootfs - Running command: sudo /home/beach/TERN/ternenv/lib/python3.6/site-packages/tern/tools/fs_hash.sh /home/beach/.tern/temp/a5eb87b130e3b9e9032b6a544e220c66cba93be2f82927728c1ee27cc15d78d8/contents
2020-07-20 16:52:49,054 - DEBUG - executor - Analyzing layer 1
2020-07-20 16:52:49,055 - DEBUG - rootfs - Running command: sudo /home/beach/TERN/ternenv/bin/cve-bin-tool -x -u now /home/beach/.tern/temp/daa4253bbe5a2459c4aa33b3ccac33c06c4e055d6c1093bb477a371ed4a8eef0/contents
cve_bin_tool.CVEDB - INFO - Updating CVE data. This will take a few minutes.
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2020.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2019.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2018.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2017.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2016.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2015.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2014.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2013.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2012.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2011.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2010.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2009.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2008.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2007.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2006.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2005.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2004.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2003.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2002.json.gz
cve_bin_tool.Scanner - INFO - Checkers: binutils, bluez, bzip2, cups, curl, expat, ffmpeg, gnutls, gstreamer, hostapd, icu, kerberos, libcurl, libdb, libgcrypt, libjpeg, libnss, libtiff, lighttpd, ncurses, nessus, nginx, node, openssh, openssl, openswan, png, postgresql, python, rsyslog, sqlite, strongswan, syslogng, systemd, varnish, wireshark, xerces, xml2, zlib
cve_bin_tool - INFO - None
cve_bin_tool.Scanner - INFO - /home/beach/.tern/temp/daa4253bbe5a2459c4aa33b3ccac33c06c4e055d6c1093bb477a371ed4a8eef0/contents/lib/libcrypto.so.1.1 is openssl 1.1.1d
cve_bin_tool.Scanner - INFO - Known CVEs in version 1.1.1d
cve_bin_tool.Scanner - INFO - CVE-1999-0428, CVE-2009-0590, CVE-2009-1390, CVE-2009-3765, CVE-2009-3766, CVE-2009-3767, CVE-2019-0190, CVE-2019-1551, CVE-2020-1967
cve_bin_tool.Scanner - INFO - /home/beach/.tern/temp/daa4253bbe5a2459c4aa33b3ccac33c06c4e055d6c1093bb477a371ed4a8eef0/contents/lib/libz.so.1.2.11 is zlib 1.2.11
cve_bin_tool.Scanner - WARNING - binutils was detected with version UNKNOWN in file /home/beach/.tern/temp/daa4253bbe5a2459c4aa33b3ccac33c06c4e055d6c1093bb477a371ed4a8eef0/contents/lib/ld-musl-x86_64.so.1
cve_bin_tool.Scanner - INFO - /home/beach/.tern/temp/daa4253bbe5a2459c4aa33b3ccac33c06c4e055d6c1093bb477a371ed4a8eef0/contents/lib/libssl.so.1.1 is openssl 1.1.1d
cve_bin_tool.Scanner - INFO - Known CVEs in version 1.1.1d
cve_bin_tool.Scanner - INFO - CVE-1999-0428, CVE-2009-0590, CVE-2009-1390, CVE-2009-3765, CVE-2009-3766, CVE-2009-3767, CVE-2019-0190, CVE-2019-1551, CVE-2020-1967
cve_bin_tool - INFO -
cve_bin_tool - INFO - Overall CVE summary:
cve_bin_tool - INFO - There are 2 files with known CVEs detected
cve_bin_tool - INFO - Known CVEs in ('openssl', '1.1.1d'), ('zlib', '1.2.11'):


/home/beach/.tern/temp/daa4253bbe5a2459c4aa33b3ccac33c06c4e055d6c1093bb477a371ed4a8eef0/contents/lib/apk/db/scripts.tar /tmp/cve-bin-tool-iucckmb_/scripts.tar.extracted

+=================================================================+
|   ___ _    __ ____    ___  ___  _   _    _____  ___  ___  _     |             
|  / __| \  / /| ___]  |   )[   ]| \ | |  [_   _]| _ || _ || |    |             
| | |__ \ \/ / | _]_ = | <   | | | |\| | =  | |  ||_||||_||| |__  |             
|  \___| \__/  |___ ]  |___)[___]|_| \_|    |_|  |___||___||____| |
|                                                                 |
+=================================================================+
|   CVE Binary Tool Report Generated: 2020-07-20  17:07:09        |
+=================================================================+

+=================================================================+
|   MODULE NAME      |  VERSION  |    CVE NUMBER      | SEVERITY  |
+=================================================================+
| openssl            | 1.1.1d    | CVE-1999-0428      | HIGH      |
+--------------------+-----------+--------------------+-----------+
| openssl            | 1.1.1d    | CVE-2009-0590      | MEDIUM    |
+--------------------+-----------+--------------------+-----------+
| openssl            | 1.1.1d    | CVE-2009-1390      | MEDIUM    |
+--------------------+-----------+--------------------+-----------+
| openssl            | 1.1.1d    | CVE-2009-3765      | MEDIUM    |
+--------------------+-----------+--------------------+-----------+
| openssl            | 1.1.1d    | CVE-2009-3766      | MEDIUM    |
+--------------------+-----------+--------------------+-----------+
| openssl            | 1.1.1d    | CVE-2009-3767      | MEDIUM    |
+--------------------+-----------+--------------------+-----------+
| openssl            | 1.1.1d    | CVE-2019-0190      | HIGH      |
+--------------------+-----------+--------------------+-----------+
| openssl            | 1.1.1d    | CVE-2019-1551      | MEDIUM    |
+--------------------+-----------+--------------------+-----------+
| openssl            | 1.1.1d    | CVE-2020-1967      | HIGH      |
+--------------------+-----------+--------------------+-----------+

2020-07-20 17:01:09,434 - DEBUG - executor - Analyzing layer 2
2020-07-20 17:01:09,435 - DEBUG - rootfs - Running command: sudo /home/beach/TERN/ternenv/bin/cve-bin-tool -x -u now /home/beach/.tern/temp/a4816229dbc332c74de29ac6a705ba1db243d263fe7dd0088062a4495af8672b/contents
cve_bin_tool.CVEDB - WARNING - Deleting cachedir /home/beach/.cache/cve-bin-tool
cve_bin_tool.CVEDB - INFO - Updating CVE data. This will take a few minutes.
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2020.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2019.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2018.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2017.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2016.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2015.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2014.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2013.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2012.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2011.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2010.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2009.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2008.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2007.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2006.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2005.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2004.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2003.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2002.json.gz
cve_bin_tool.Scanner - INFO - Checkers: binutils, bluez, bzip2, cups, curl, expat, ffmpeg, gnutls, gstreamer, hostapd, icu, kerberos, libcurl, libdb, libgcrypt, libjpeg, libnss, libtiff, lighttpd, ncurses, nessus, nginx, node, openssh, openssl, openswan, png, postgresql, python, rsyslog, sqlite, strongswan, syslogng, systemd, varnish, wireshark, xerces, xml2, zlib
cve_bin_tool - INFO - None
cve_bin_tool.Scanner - WARNING - binutils was detected with version UNKNOWN in file /home/beach/.tern/temp/a4816229dbc332c74de29ac6a705ba1db243d263fe7dd0088062a4495af8672b/contents/usr/bin/c_rehash
cve_bin_tool - INFO -
cve_bin_tool - INFO - Overall CVE summary:
cve_bin_tool - INFO - There are 0 files with known CVEs detected


/home/beach/.tern/temp/a4816229dbc332c74de29ac6a705ba1db243d263fe7dd0088062a4495af8672b/contents/lib/apk/db/scripts.tar /tmp/cve-bin-tool-op3a_20f/scripts.tar.extracted

2020-07-20 17:08:57,838 - DEBUG - executor - Analyzing layer 3
2020-07-20 17:08:57,839 - DEBUG - rootfs - Running command: sudo /home/beach/TERN/ternenv/bin/cve-bin-tool -x -u now /home/beach/.tern/temp/17eef46af9e25447ee0fb79ae1b71ca951ba977994ded0c72ada109d3a0f4e93/contents
cve_bin_tool.CVEDB - WARNING - Deleting cachedir /home/beach/.cache/cve-bin-tool
cve_bin_tool.CVEDB - INFO - Updating CVE data. This will take a few minutes.
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2020.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2019.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2018.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2017.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2016.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2015.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2014.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2013.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2012.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2011.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2010.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2009.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2008.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2007.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2006.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2005.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2004.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2003.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2002.json.gz
cve_bin_tool.Scanner - INFO - Checkers: binutils, bluez, bzip2, cups, curl, expat, ffmpeg, gnutls, gstreamer, hostapd, icu, kerberos, libcurl, libdb, libgcrypt, libjpeg, libnss, libtiff, lighttpd, ncurses, nessus, nginx, node, openssh, openssl, openswan, png, postgresql, python, rsyslog, sqlite, strongswan, syslogng, systemd, varnish, wireshark, xerces, xml2, zlib
cve_bin_tool - INFO - None
cve_bin_tool - INFO -
cve_bin_tool - INFO - Overall CVE summary:
cve_bin_tool - INFO - There are 0 files with known CVEs detected



2020-07-20 17:16:15,407 - DEBUG - executor - Analyzing layer 4
2020-07-20 17:16:15,408 - DEBUG - rootfs - Running command: sudo /home/beach/TERN/ternenv/bin/cve-bin-tool -x -u now /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents
cve_bin_tool.CVEDB - WARNING - Deleting cachedir /home/beach/.cache/cve-bin-tool
cve_bin_tool.CVEDB - INFO - Updating CVE data. This will take a few minutes.
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2020.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2019.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2018.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2017.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2016.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2015.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2014.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2013.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2012.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2011.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2010.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2009.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2008.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2007.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2006.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2005.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2004.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2003.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2002.json.gz
cve_bin_tool.Scanner - INFO - Checkers: binutils, bluez, bzip2, cups, curl, expat, ffmpeg, gnutls, gstreamer, hostapd, icu, kerberos, libcurl, libdb, libgcrypt, libjpeg, libnss, libtiff, lighttpd, ncurses, nessus, nginx, node, openssh, openssl, openswan, png, postgresql, python, rsyslog, sqlite, strongswan, syslogng, systemd, varnish, wireshark, xerces, xml2, zlib
cve_bin_tool - INFO - None
cve_bin_tool.Scanner - WARNING - binutils was detected with version UNKNOWN in file /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/pkg/tool/linux_amd64/nm
cve_bin_tool.Scanner - WARNING - binutils was detected with version UNKNOWN in file /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/pkg/tool/linux_amd64/asm
cve_bin_tool.Scanner - WARNING - binutils was detected with version UNKNOWN in file /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/pkg/tool/linux_amd64/buildid
cve_bin_tool.Scanner - WARNING - binutils was detected with version UNKNOWN in file /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/pkg/tool/linux_amd64/addr2line
cve_bin_tool.Scanner - WARNING - binutils was detected with version UNKNOWN in file /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/pkg/tool/linux_amd64/objdump
世界:  mismatching "local" filename (ф╕ЦчХМ),
         continuing with "central" filename version
cve_bin_tool.TempDirExtractorContext - WARNING - Failure extracting /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/utf8-winrar.zip
世界:  mismatching "local" filename (ф╕ЦчХМ),
         continuing with "central" filename version
cve_bin_tool.TempDirExtractorContext - WARNING - Failure extracting /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/utf8-winzip.zip
世界:  mismatching "local" filename (ф╕ЦчХМ),
         continuing with "central" filename version
cve_bin_tool.TempDirExtractorContext - WARNING - Failure extracting /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/utf8-7zip.zip
tar: Unexpected EOF in archive
tar: rmtlseek not stopped at a record boundary
tar: Error is not recoverable: exiting now
cve_bin_tool.TempDirExtractorContext - WARNING - Failure extracting /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/writer-big-long.tar
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now
cve_bin_tool.TempDirExtractorContext - WARNING - Failure extracting /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/issue11169.tar
Traceback (most recent call last):
  File "/home/beach/TERN/ternenv/bin/cve-bin-tool", line 11, in <module>
    load_entry_point('cve-bin-tool==1.0', 'console_scripts', 'cve-bin-tool')()
  File "/home/beach/TERN/ternenv/lib/python3.6/site-packages/cve_bin_tool/cli.py", line 475, in main
    scanner, ectx, walker, args.extract, filepath
  File "/home/beach/TERN/ternenv/lib/python3.6/site-packages/cve_bin_tool/cli.py", line 264, in scan_and_or_extract_file
    scan_and_or_extract_file(scanner, ectx, walker, should_extract, filename)
  File "/home/beach/TERN/ternenv/lib/python3.6/site-packages/cve_bin_tool/cli.py", line 257, in scan_and_or_extract_file
    scanner.scan_file(filepath)
  File "/home/beach/TERN/ternenv/lib/python3.6/site-packages/cve_bin_tool/cli.py", line 140, in scan_file
    raise InvalidFileError(filename)
cve_bin_tool.cli.InvalidFileError: /tmp/cve-bin-tool-tiily948/hdr-only.tar.extracted/sda


/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/lib/time/zoneinfo.zip /tmp/cve-bin-tool-tiily948/zoneinfo.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/time-22738.zip /tmp/cve-bin-tool-tiily948/time-22738.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/dd.zip /tmp/cve-bin-tool-tiily948/dd.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/readme.zip /tmp/cve-bin-tool-tiily948/readme.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/symlink.zip /tmp/cve-bin-tool-tiily948/symlink.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/zip64-2.zip /tmp/cve-bin-tool-tiily948/zip64-2.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/utf8-infozip.zip /tmp/cve-bin-tool-tiily948/utf8-infozip.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/unix.zip /tmp/cve-bin-tool-tiily948/unix.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/time-7zip.zip /tmp/cve-bin-tool-tiily948/time-7zip.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/utf8-winrar.zip /tmp/cve-bin-tool-tiily948/utf8-winrar.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/time-go.zip /tmp/cve-bin-tool-tiily948/time-go.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/test-trailing-junk.zip /tmp/cve-bin-tool-tiily948/test-trailing-junk.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/time-winzip.zip /tmp/cve-bin-tool-tiily948/time-winzip.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/go-with-datadesc-sig.zip /tmp/cve-bin-tool-tiily948/go-with-datadesc-sig.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/winxp.zip /tmp/cve-bin-tool-tiily948/winxp.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/time-infozip.zip /tmp/cve-bin-tool-tiily948/time-infozip.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/zip64.zip /tmp/cve-bin-tool-tiily948/zip64.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/utf8-winzip.zip /tmp/cve-bin-tool-tiily948/utf8-winzip.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/time-winrar.zip /tmp/cve-bin-tool-tiily948/time-winrar.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/utf8-osx.zip /tmp/cve-bin-tool-tiily948/utf8-osx.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/utf8-7zip.zip /tmp/cve-bin-tool-tiily948/utf8-7zip.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/crc32-not-streamed.zip /tmp/cve-bin-tool-tiily948/crc32-not-streamed.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/time-win7.zip /tmp/cve-bin-tool-tiily948/time-win7.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/time-osx.zip /tmp/cve-bin-tool-tiily948/time-osx.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/zip/testdata/test.zip /tmp/cve-bin-tool-tiily948/test.zip.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/writer-big-long.tar /tmp/cve-bin-tool-tiily948/writer-big-long.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/pax.tar /tmp/cve-bin-tool-tiily948/pax.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/nil-uid.tar /tmp/cve-bin-tool-tiily948/nil-uid.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/trailing-slash.tar /tmp/cve-bin-tool-tiily948/trailing-slash.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/file-and-dir.tar /tmp/cve-bin-tool-tiily948/file-and-dir.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/v7.tar /tmp/cve-bin-tool-tiily948/v7.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/gnu-multi-hdrs.tar /tmp/cve-bin-tool-tiily948/gnu-multi-hdrs.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/ustar-file-reg.tar /tmp/cve-bin-tool-tiily948/ustar-file-reg.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/ustar-file-devs.tar /tmp/cve-bin-tool-tiily948/ustar-file-devs.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/pax-nul-path.tar /tmp/cve-bin-tool-tiily948/pax-nul-path.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/issue11169.tar /tmp/cve-bin-tool-tiily948/issue11169.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/gnu-nil-sparse-hole.tar /tmp/cve-bin-tool-tiily948/gnu-nil-sparse-hole.tar.extracted
/home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents/usr/local/go/src/archive/tar/testdata/hdr-only.tar /tmp/cve-bin-tool-tiily948/hdr-only.tar.extracted

2020-07-20 17:26:27,272 - DEBUG - executor - Analyzing layer 5
2020-07-20 17:26:27,273 - DEBUG - rootfs - Running command: sudo /home/beach/TERN/ternenv/bin/cve-bin-tool -x -u now /home/beach/.tern/temp/a5eb87b130e3b9e9032b6a544e220c66cba93be2f82927728c1ee27cc15d78d8/contents
cve_bin_tool.CVEDB - WARNING - Deleting cachedir /home/beach/.cache/cve-bin-tool
cve_bin_tool.CVEDB - INFO - Updating CVE data. This will take a few minutes.
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2020.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2019.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2018.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2017.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2016.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2015.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2014.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2013.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2012.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2011.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2010.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2009.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2008.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2007.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2006.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2005.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2004.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2003.json.gz
cve_bin_tool.cvedb.cache_update - INFO - Updating CVE cache for nvdcve-1.1-2002.json.gz
cve_bin_tool.Scanner - INFO - Checkers: binutils, bluez, bzip2, cups, curl, expat, ffmpeg, gnutls, gstreamer, hostapd, icu, kerberos, libcurl, libdb, libgcrypt, libjpeg, libnss, libtiff, lighttpd, ncurses, nessus, nginx, node, openssh, openssl, openswan, png, postgresql, python, rsyslog, sqlite, strongswan, syslogng, systemd, varnish, wireshark, xerces, xml2, zlib
cve_bin_tool - INFO - None
cve_bin_tool - INFO -
cve_bin_tool - INFO - Overall CVE summary:
cve_bin_tool - INFO - There are 0 files with known CVEs detected



2020-07-20 17:33:25,214 - DEBUG - generator - Creating a detailed report of components in image...
This report was generated by the Tern Project
Version: 2.1.1

Docker image: golang:1.12-alpine:
        Layer 1:
        File licenses found in Layer:  None
        Packages found in Layer:  None
        Licenses found in Layer:  None
------------------------------------------------

        Layer 2:
        File licenses found in Layer:  None
        Packages found in Layer:  None
        Licenses found in Layer:  None
------------------------------------------------

        Layer 3:
        File licenses found in Layer:  None
        Packages found in Layer:  None
        Licenses found in Layer:  None
------------------------------------------------

        Layer 4:
        File licenses found in Layer:  None
        Packages found in Layer:  None
        Licenses found in Layer:  None
------------------------------------------------

        Layer 5:
        File licenses found in Layer:  None
        Packages found in Layer:  None
        Licenses found in Layer:  None
------------------------------------------------

###########################################
# Summary of licenses found in Container: #
###########################################
None

2020-07-20 17:33:25,219 - DEBUG - rootfs - Running command: sudo rm -rf /home/beach/.tern/temp/daa4253bbe5a2459c4aa33b3ccac33c06c4e055d6c1093bb477a371ed4a8eef0/contents
2020-07-20 17:33:25,244 - DEBUG - rootfs - Running command: sudo rm -rf /home/beach/.tern/temp/a4816229dbc332c74de29ac6a705ba1db243d263fe7dd0088062a4495af8672b/contents
2020-07-20 17:33:25,269 - DEBUG - rootfs - Running command: sudo rm -rf /home/beach/.tern/temp/17eef46af9e25447ee0fb79ae1b71ca951ba977994ded0c72ada109d3a0f4e93/contents
2020-07-20 17:33:25,282 - DEBUG - rootfs - Running command: sudo rm -rf /home/beach/.tern/temp/ae3c148a463d865cbb17f686e0e54c55e4a6eb360f47e61f5fb0f66e5cf86a34/contents
2020-07-20 17:33:25,691 - DEBUG - rootfs - Running command: sudo rm -rf /home/beach/.tern/temp/a5eb87b130e3b9e9032b6a544e220c66cba93be2f82927728c1ee27cc15d78d8/contents
2020-07-20 17:33:25,705 - DEBUG - run - Teardown...
2020-07-20 17:33:25,707 - DEBUG - rootfs - Running command: sudo rm -rf /home/beach/.tern/temp/mergedir
2020-07-20 17:33:25,720 - DEBUG - rootfs - Running command: sudo rm -rf /home/beach/.tern/temp/workdir
2020-07-20 17:33:25,783 - DEBUG - __main__ - Report complete
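
The per-layer cve-bin-tool output above is easier to act on once it is reduced to one record per layer. In particular, layer 4 ends in a traceback with no "Overall CVE summary", so it has to be reported as not fully scanned rather than as free of known CVEs. The following Python is an added example (not part of the original article or of Tern); the log is a shortened, constructed sample in the same shape, and the function names are hypothetical.

```python
import re

# Constructed sample: shortened log in the shape of the Tern 2.1.1 /
# cve-bin-tool 1.0 output above. Paths are placeholders, not real ones.
SAMPLE_LOG = """\
2020-07-20 16:52:49,054 - DEBUG - executor - Analyzing layer 1
cve_bin_tool.Scanner - INFO - Checkers: binutils, openssl, zlib
cve_bin_tool.Scanner - INFO - /tmp/layer1/contents/lib/libcrypto.so.1.1 is openssl 1.1.1d
cve_bin_tool.Scanner - INFO - Known CVEs in version 1.1.1d
cve_bin_tool.Scanner - INFO - CVE-2019-1551, CVE-2020-1967
cve_bin_tool.Scanner - INFO - /tmp/layer1/contents/lib/libz.so.1.2.11 is zlib 1.2.11
cve_bin_tool.Scanner - WARNING - binutils was detected with version UNKNOWN in file /tmp/layer1/contents/lib/ld-musl-x86_64.so.1
cve_bin_tool.Scanner - INFO - /tmp/layer1/contents/lib/libssl.so.1.1 is openssl 1.1.1d
cve_bin_tool.Scanner - INFO - Known CVEs in version 1.1.1d
cve_bin_tool.Scanner - INFO - CVE-2019-1551, CVE-2020-1967
cve_bin_tool - INFO - Overall CVE summary:
cve_bin_tool - INFO - There are 2 files with known CVEs detected
2020-07-20 17:01:09,434 - DEBUG - executor - Analyzing layer 2
cve_bin_tool - INFO - Overall CVE summary:
cve_bin_tool - INFO - There are 0 files with known CVEs detected
2020-07-20 17:16:15,407 - DEBUG - executor - Analyzing layer 4
cve_bin_tool.Scanner - WARNING - binutils was detected with version UNKNOWN in file /tmp/layer4/contents/usr/local/go/pkg/tool/linux_amd64/nm
Traceback (most recent call last):
  File "cve_bin_tool/cli.py", line 140, in scan_file
    raise InvalidFileError(filename)
cve_bin_tool.cli.InvalidFileError: /tmp/cve-bin-tool-xxxx/hdr-only.tar.extracted/sda
"""

LAYER_RE = re.compile(r" - DEBUG - executor - Analyzing layer (\d+)$")
FOUND_RE = re.compile(r"cve_bin_tool\.Scanner - INFO - (\S+) is (\S+) (\S+)$")
CVES_RE = re.compile(
    r"cve_bin_tool\.Scanner - INFO - (CVE-\d{4}-\d+(?:, CVE-\d{4}-\d+)*)$")
UNKNOWN_RE = re.compile(
    r"WARNING - (\S+) was detected with version UNKNOWN in file (\S+)$")
SUMMARY_RE = re.compile(r"There are (\d+) files with known CVEs detected")
CRASH_RE = re.compile(r"^Traceback \(most recent call last\):")


def parse_layers(log_text):
    """Return {layer_number: record} built from a Tern debug log."""
    layers = {}
    current = None          # record of the layer being read
    last_component = None   # (name, version) the next CVE line belongs to
    for line in log_text.splitlines():
        m = LAYER_RE.search(line)
        if m:
            current = layers.setdefault(int(m.group(1)), {
                "components": {},       # (name, version) -> set of CVE ids
                "unknown_version": [],  # (checker, file) with no version
                "files_with_cves": None,  # None until a summary is seen
                "crashed": False,
            })
            last_component = None
            continue
        if current is None:
            continue  # output before the first "Analyzing layer" line
        m = FOUND_RE.search(line)
        if m:
            last_component = (m.group(2), m.group(3))
            current["components"].setdefault(last_component, set())
            continue
        m = CVES_RE.search(line)
        if m and last_component:
            current["components"][last_component].update(
                m.group(1).split(", "))
            continue
        m = UNKNOWN_RE.search(line)
        if m:
            current["unknown_version"].append((m.group(1), m.group(2)))
            continue
        m = SUMMARY_RE.search(line)
        if m:
            current["files_with_cves"] = int(m.group(1))
            continue
        if CRASH_RE.match(line):
            current["crashed"] = True
    return layers


def layer_status(record):
    """Classify a layer; a scan without a summary is never 'clean'."""
    if record["crashed"] or record["files_with_cves"] is None:
        return "incomplete"
    if record["files_with_cves"] > 0:
        return "cves-found"
    return "no-known-cves"


if __name__ == "__main__":
    for number, record in sorted(parse_layers(SAMPLE_LOG).items()):
        cves = {f"{n} {v}": sorted(c)
                for (n, v), c in record["components"].items() if c}
        print(number, layer_status(record), cves,
              "unknown-version files:", len(record["unknown_version"]))
```

Files flagged with version UNKNOWN are kept separately because the scanner could not match them against the CVE data at all.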

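About the TERN analysis results

A distinguishing feature of TERN is that it detects the OSS contained in each layer.

To do so, it runs a combination of simple commands such as the following.
(The command details are shown when the results are output in txt format.)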

copyrights:
    in container:
    pkgs=`dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'`
    for p in $pkgs; do /bin/cat /usr/share/doc/$p/copyright; echo LICF; done

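Detection of licenses, copyrights and the like is done simply by running a few text-extraction commands such as the above in combination. As a result, the license formatting in the generated report is not uniform.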
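
Why the formatting ends up uneven can be seen by post-processing the output of those commands: the `LICF` sentinel only marks where one package's copyright file ends, and the file itself may be machine-readable (Debian copyright format 1.0, with `License:` fields), free text, or absent. The following Python is an added example, not Tern's own code; the package names and copyright bodies are constructed, the function names are hypothetical, and it assumes the `names` and `copyrights` listings iterate over the packages in the same order.

```python
import re

# Constructed stand-ins for what the "names" and "copyrights" listing
# commands print inside a Debian-based layer (all content is made up).
NAMES_OUTPUT = "pkg-dep5\npkg-freeform\npkg-nodoc\n"
COPYRIGHT_OUTPUT = """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: pkg-dep5

Files: *
Copyright: 2019 Example Author
License: GPL-2+

Files: debian/*
Copyright: 2019 Example Packager
License: MIT
LICF
This package was debianized by Example Packager.

Copyright (C) 2001 Example Author
You are free to distribute this software under the terms of the
GNU General Public License, version 2 or later.
LICF
LICF
"""


def split_on_licf(output):
    """Split the concatenated copyright text at each LICF sentinel line."""
    chunks, buf = [], []
    for line in output.splitlines():
        if line.strip() == "LICF":
            chunks.append("\n".join(buf).strip())
            buf = []
        else:
            buf.append(line)
    return chunks  # anything after the last sentinel is ignored


def dep5_licenses(text):
    """Return License short names, or None if the file is not format 1.0."""
    lines = text.splitlines()
    if not lines or not lines[0].lower().startswith("format:"):
        return None
    found = re.finditer(r"^License:[ \t]*(\S.*)$", text, re.MULTILINE)
    return sorted({m.group(1).strip() for m in found})


def classify(names_output, copyright_output):
    """Map each package to (kind, licenses) using positional pairing."""
    names = names_output.split()
    chunks = split_on_licf(copyright_output)
    if len(names) != len(chunks):
        # Without one sentinel per package the pairing cannot be trusted.
        raise ValueError(f"{len(names)} packages but {len(chunks)} chunks")
    result = {}
    for name, text in zip(names, chunks):
        if not text:
            # cat failed (no copyright file) but echo LICF still ran.
            result[name] = ("missing", [])
            continue
        licenses = dep5_licenses(text)
        if licenses is None:
            result[name] = ("free-text", [])  # needs a human or a scanner
        else:
            result[name] = ("dep5", licenses)
    return result


if __name__ == "__main__":
    for pkg, (kind, licenses) in classify(NAMES_OUTPUT, COPYRIGHT_OUTPUT).items():
        print(f"{pkg:14} {kind:10} {', '.join(licenses) or '-'}")
```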

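The actual extraction commands and analysis output can be seen in "TERN analysis result example (txt format)" below.

TERN analysis result example (txt format)
Golang 1.14 analysis result file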
This report was generated by the Tern Project
Version: 2.1.1

Docker image: golang:1.14:
Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
OR CONDITIONS OF ANY KIND, either express or implied. No content created from
ScanCode should be considered or used as legal advice. Consult an Attorney
for any legal advice.
ScanCode is a free software code scanning tool from nexB Inc. and others.
Visit https://github.com/nexB/scancode-toolkit/ for support and download.

	Layer 1:
		info: Found 'Debian GNU/Linux 10 (buster)' in /etc/os-release.
		info: Layer created by commands: /bin/sh -c #(nop) ADD file:1ab357efe422cfed5e37af2dc60d07ccfd4bdee4d4a0c00838b5d68f19ff20c7 in / 
		info: Retrieved by invoking listing in command_lib/base.yml

versions:
	in container:
	pkgs=`dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'`
	for p in $pkgs; do dpkg -l $p | awk 'NR>5 {print $3}'; done

copyrights:
	in container:
	pkgs=`dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'`
	for p in $pkgs; do /bin/cat /usr/share/doc/$p/copyright; echo LICF; done

names:
	in container:
	dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'



	Invoking commands from command_lib/base.yml:
		warning: No listing method for 'licenses'. Additional analysis may be required.
No listing method for 'srcs'. Additional analysis may be required.

	File licenses found in Layer:  newlib-historical, gpl-2.0-plus AND lgpl-2.1-plus, latex2e, bsd-new OR gpl-1.0-plus, mit, zlib, d-zlib, agpl-3.0-plus, artistic-1.0, gfdl-1.2, fsf-mit, other-copyleft, gpl-3.0-plus OR mit, unicode, gpl-1.0-plus, x11-fsf, mpl-2.0, oracle-bsd-no-nuclear, bsd-unmodified, smail-gpl, bsd-original, bsd-axis-nomod OR gpl-1.0-plus, bsd-new, lgpl-3.0-plus OR gpl-2.0-plus, warranty-disclaimer, artistic-2.0, bsd-2-clause-plus-advertizing, gpl-2.0-plus WITH autoconf-simple-exception-2.0, x11-lucent, lgpl-2.1-plus, gpl-2.0-plus OR lgpl-2.1-plus OR mpl-1.1, gpl-3.0 AND gpl-2.0 AND lgpl-3.0-plus WITH cygwin-exception-lgpl-3.0-plus AND other-copyleft AND other-permissive, wtfpl-2.0, gpl-2.0 AND lgpl-2.0 AND bsd-new AND mit-old-style-no-advert, fsf-ap, fsf-unlimited, gpl-1.0-plus WITH autoconf-simple-exception-2.0, sleepycat, lgpl-3.0-plus, free-unknown, gpl-2.0 OR lgpl-2.1, carnegie-mellon-contributors, gpl-3.0-plus WITH bison-exception-2.2, other-permissive, gfdl-1.3, mit OR gpl-2.0, uoi-ncsa, inner-net-2.0, mpl-1.1, gfdl-1.2-plus, gpl-3.0-plus, gpl-1.0, gfdl-1.3-plus, apache-2.0, x11-xconsortium, gpl-2.0, gpl-1.0-plus OR artistic-1.0, lgpl-2.0-plus, artistic-2.0 AND public-domain-disclaimer, public-domain-disclaimer, nilsson-historical, gpl-3.0, unknown, lgpl-2.0, sunpro, bsla, lgpl-2.0-plus AND gpl-1.0-plus, historical, gpl-2.0-plus, x11-hanson, lgpl-3.0, public-domain, hs-regexp, epl-2.0 OR gpl-2.0-plus OR lgpl-2.1-plus, gcc-exception-3.1, gpl-1.0 OR gpl-2.0, gpl-3.0-plus WITH gcc-exception-3.1, gpl-2.0-plus OR mit, gfdl-1.1-plus, bsd-original-uc, artistic-1.0-cl8, libselinux-pd, ibm-dhcp, lgpl-2.1 AND gpl-2.0 AND gpl-3.0, mit-old-style-no-advert, osf-1990, autoconf-simple-exception-2.0, philippe-de-muyter, gpl-2.0 OR bsd-simplified, ietf, isc, amd-historical, autoconf-exception-2.0, gpl-3.0-plus WITH autoconf-macro-exception, rdisc, artistic-perl-1.0, ssleay-windows, bzip2-libbzip-2010, agpl-3.0, artistic-2.0 OR gpl-1.0-plus, bsd-simplified, 
gpl-1.0-plus OR artistic-2.0, lgpl-2.1, gpl-1.0-plus AND gpl-2.0-plus AND lgpl-2.0-plus AND gfdl-1.1, cc0-1.0, bsd-new OR gpl-2.0-plus, intel-osl-1993, tcp-wrappers
	Packages found in Layer:  adduser-3.118, apt-1.8.2.1, base-files-10.3+deb10u4, base-passwd-3.5.46, bash-5.0-4, bsdutils-1:2.33.1-0.1, coreutils-8.30-3, dash-0.5.10.2-5, debconf-1.5.71, debian-archive-keyring-2019.1, debianutils-4.8.6.1, diffutils-1:3.7-3, dpkg-1.19.7, e2fsprogs-1.44.5-1+deb10u3, fdisk-2.33.1-0.1, findutils-4.6.0+git+20190209-2, gcc-8-base-8.3.0-6, gpgv-2.2.12-1+deb10u1, grep-3.3-1, gzip-1.9-3, hostname-3.21, init-system-helpers-1.56+nmu1, iproute2-4.20.0-2, iputils-ping-3:20180629-2+deb10u1, libacl1-2.2.53-4, libapt-pkg5.0-1.8.2.1, libattr1-1:2.4.48-4, libaudit-common-1:2.8.4-3, libaudit1-1:2.8.4-3, libblkid1-2.33.1-0.1, libbz2-1.0-1.0.6-9.2~deb10u1, libc-bin-2.28-10, libc6-2.28-10, libcap-ng0-0.7.9-2, libcap2-1:2.25-2, libcap2-bin-1:2.25-2, libcom-err2-1.44.5-1+deb10u3, libdb5.3-5.3.28+dfsg1-0.5, libdebconfclient0-0.249, libelf1-0.176-1.1, libext2fs2-1.44.5-1+deb10u3, libfdisk1-2.33.1-0.1, libffi6-3.2.1-9, libgcc1-1:8.3.0-6, libgcrypt20-1.8.4-5, libgmp10-2:6.1.2+dfsg-4, libgnutls30-3.6.7-4+deb10u4, libgpg-error0-1.35-1, libhogweed4-3.4.1-1, libidn2-0-2.0.5-1+deb10u1, liblz4-1-1.8.3-1, liblzma5-5.2.4-1, libmnl0-1.0.4-2, libmount1-2.33.1-0.1, libncursesw6-6.1+20181013-2+deb10u2, libnettle6-3.4.1-1, libp11-kit0-0.23.15-2, libpam-modules-1.3.1-5, libpam-modules-bin-1.3.1-5, libpam-runtime-1.3.1-5, libpam0g-1.3.1-5, libpcre3-2:8.39-12, libseccomp2-2.3.3-4, libselinux1-2.8-1+b1, libsemanage-common-2.8-2, libsemanage1-2.8-2, libsepol1-2.8-1, libsmartcols1-2.33.1-0.1, libss2-1.44.5-1+deb10u3, libstdc++6-8.3.0-6, libsystemd0-241-7~deb10u4, libtasn1-6-4.13-3, libtinfo6-6.1+20181013-2+deb10u2, libudev1-241-7~deb10u4, libunistring2-0.9.10-1, libuuid1-2.33.1-0.1, libxtables12-1.8.2-4, libzstd1-1.3.8+dfsg-3, login-1:4.5-1.1, mawk-1.3.3-17+b3, mount-2.33.1-0.1, ncurses-base-6.1+20181013-2+deb10u2, ncurses-bin-6.1+20181013-2+deb10u2, passwd-1:4.5-1.1, perl-base-5.28.1-6, sed-4.7-1, sysvinit-utils-2.93-8, tar-1.30+dfsg-6, tzdata-2020a-0+deb10u1, 
util-linux-2.33.1-0.1, zlib1g-1:1.2.11.dfsg-1
	Licenses found in Layer:  GPLv2+, PD, GPL-2, BSD-3-clause, LGPL, BSD-2-clause, GPL-2+, BSD-4-clause, MIT, GPL-3+, public-domain, LGPL-2.1+, LGPL-3+, LGPL-2+, public-domain-md5, public-domain-s-s-d, CC0-1.0, GPL-3+ or BSD-3-clause, Expat, TinySCHEME, permissive, RFC-Reference, LGPL-2.1, BSD-variant, BSD-3-clause or GPL-2, BSD-3-clause or GPL-2+, LGPLv3+_or_GPLv2+, Public domain., GPLv3+, g10-permissive, LGPL-2.1+ or BSD-3-clause, GAP, GPL-2+ with Autoconf exception, other, Unicode, LGPL-3+ or GPL-2+, config-h, noderivs, PD-debian, permissive-nowarranty, probably-PD, none, permissive-fsf, Autoconf, ISC, BSD-3-Clause, same-as-rest-of-p11kit, permissive-like-automake-output, GPL-2+ with distribution exception, FreeSoftware, GPL-3+ or GFDL-1.2+, GFDL-1.2+, Artistic-2, custom, zlib, BSD-3-clause and GPL-2, Expat or GPL-1+ or Artistic, BZIP, GPL-1+ or Artistic or Artistic-dist, REGCOMP, SDBM-PUBLIC-DOMAIN, HSIEH-BSD, Artistic or GPL-1+ or Artistic-dist, GPL-1+ or Artistic, DONT-CHANGE-THE-GPL, BSD-4-clause-POWERDOG, GPL-1+ or Artistic, and Unicode, HSIEH-DERIVATIVE, ZLIB, GPL-3+-WITH-BISON-EXCEPTION, Artistic, S2P, Artistic-dist, GPL-1+ or Artistic, and Expat, BSD-3-clause-GENERIC, RRA-KEEP-THIS-NOTICE, TEXT-TABS, REGCOMP, and GPL-1+ or Artistic, GPL-1+ or Artistic, and BSD-3-clause-GENERIC, BSD-3-clause-with-weird-numbering, GPL-1+ or Artistic, and BSD-4-clause-POWERDOG, GPL-2+ or Artistic, GPL-1+, Zlib
------------------------------------------------

	Layer 2:
		info: Instruction Line: RUN apt-get update && apt-get install -y --no-install-recommends 		ca-certificates 		curl 		netbase 		wget 	&& rm -rf /var/lib/apt/lists/*
		warning: 
Ignored Commands:apt-get update

Unrecognized Commands:rm -rf /var/lib/apt/lists/*

		info: Layer created by commands: /bin/sh -c apt-get update && apt-get install -y --no-install-recommends 		ca-certificates 		curl 		netbase 		wget 	&& rm -rf /var/lib/apt/lists/*
		info: Retrieved by invoking listing in command_lib/base.yml

versions:
	in container:
	pkgs=`dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'`
	for p in $pkgs; do dpkg -l $p | awk 'NR>5 {print $3}'; done

copyrights:
	in container:
	pkgs=`dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'`
	for p in $pkgs; do /bin/cat /usr/share/doc/$p/copyright; echo LICF; done

names:
	in container:
	dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'



	Invoking commands from command_lib/base.yml:
		warning: No listing method for 'licenses'. Additional analysis may be required.
No listing method for 'srcs'. Additional analysis may be required.

	File licenses found in Layer:  ibm-dhcp, lgpl-2.1-plus, mit-old-style-no-advert, gpl-2.0-plus OR lgpl-2.1-plus OR mpl-1.1, gpl-2.0, gpl-3.0 AND other-copyleft, lgpl-2.0-plus, fsf-ap, mit, curl, openssl-exception-gpl-2.0, gpl-3.0, ietf, isc, unknown, rsa-md4, ofl-1.1, free-unknown, gfdl-1.2, fsf-mit, lgpl-2.0, bsla, other-permissive, cc-by-sa-3.0, hs-regexp-orig, gpl-3.0-plus WITH autoconf-macro-exception, other-copyleft, gpl-3.0-plus OR mit, x11-fsf, rsa-md5, gpl-1.0-plus, ofl-1.1 AND mit, gpl-2.0-plus, mpl-2.0, lgpl-3.0, public-domain, gpl-1.0-plus OR lgpl-2.0-plus OR bsd-simplified, bsd-x11, bzip2-libbzip-2010, mit-no-advert-export-control, mit-license-1998, bsd-original, openssl-ssleay, bsd-simplified, gpl-3.0-plus, bsd-new, michigan-disclaimer, xfree86-1.0, bsd-plus-mod-notice, openldap-2.8, openssl, bsd-original-uc, rsa-1990, bsd-2-clause-plus-advertizing
	Packages found in Layer:  ca-certificates-20200601~deb10u1, curl-7.64.0-4+deb10u1, libcurl4-7.64.0-4+deb10u1, libgssapi-krb5-2-1.17-3, libk5crypto3-1.17-3, libkeyutils1-1.6-6, libkrb5-3-1.17-3, libkrb5support0-1.17-3, libldap-2.4-2-2.4.47+dfsg-3+deb10u2, libldap-common-2.4.47+dfsg-3+deb10u2, libnghttp2-14-1.36.0-2+deb10u1, libpcre2-8-0-10.32-5, libpsl5-0.20.2-2, librtmp1-2.4+20151223.gitfa8646d.1-2, libsasl2-2-2.1.27+dfsg-1+deb10u1, libsasl2-modules-db-2.1.27+dfsg-1+deb10u1, libssh2-1-1.8.0-2.1, libssl1.1-1.1.1d-0+deb10u3, netbase-5.6, openssl-1.1.1d-0+deb10u3, wget-1.20.1-1.1
	Licenses found in Layer:  GPL-2+, MPL-2.0, ISC, curl, BSD-4-Clause, BSD-3-Clause, public-domain, other, LGPL-2+, BSD-2-clause, Expat, MIT, all-permissive, GPL-3+ with autoconf exception, SIL-OFL-1.1, Chromium, GPL-3+, BSD-4-clause, BSD3
------------------------------------------------

	Layer 3:
		info: Instruction Line: RUN set -ex; 	if ! command -v gpg > /dev/null; then 		apt-get update; 		apt-get install -y --no-install-recommends 			gnupg 			dirmngr 		; 		rm -rf /var/lib/apt/lists/*; 	fi
		warning: 
Unrecognized Commands:set -ex

	File licenses found in Layer:  lgpl-2.1-plus, x11-xconsortium, gpl-2.0, lgpl-2.0-plus, fsf-unlimited, gpl-1.0-plus WITH autoconf-simple-exception-2.0, philippe-de-muyter, mit, public-domain-disclaimer, gpl-3.0, gpl-2.0-plus AND gpl-3.0, ietf, lgpl-3.0-plus, unknown, free-unknown, fsf-mit, other-permissive, other-copyleft, gpl-1.0-plus, gpl-2.0-plus, lgpl-3.0, public-domain, gfdl-1.2-plus, gpl-3.0-plus, gpl-2.0-plus OR lgpl-3.0-plus, bsd-new, lgpl-2.1, gpl-2.0-plus WITH libtool-exception-2.0, cc0-1.0, gfdl-1.3-plus, libtool-exception-2.0
	Packages found in Layer:  None
	Licenses found in Layer:  None
------------------------------------------------

	Layer 4:
		info: Instruction Line: RUN apt-get update && apt-get install -y --no-install-recommends 		git 		mercurial 		openssh-client 		subversion 				procps 	&& rm -rf /var/lib/apt/lists/*
		warning: 
Ignored Commands:apt-get update

Unrecognized Commands:rm -rf /var/lib/apt/lists/*

		info: Layer created by commands: /bin/sh -c apt-get update && apt-get install -y --no-install-recommends 		git 		mercurial 		openssh-client 		subversion 				procps 	&& rm -rf /var/lib/apt/lists/*
		info: Retrieved by invoking listing in command_lib/base.yml

versions:
	in container:
	pkgs=`dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'`
	for p in $pkgs; do dpkg -l $p | awk 'NR>5 {print $3}'; done

copyrights:
	in container:
	pkgs=`dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'`
	for p in $pkgs; do /bin/cat /usr/share/doc/$p/copyright; echo LICF; done

names:
	in container:
	dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'



	Invoking commands from command_lib/base.yml:
		warning: No listing method for 'licenses'. Additional analysis may be required.
No listing method for 'srcs'. Additional analysis may be required.

	File licenses found in Layer:  mpl-1.1 OR lgpl-2.1-plus OR apache-2.0, python-cwi, mit OR gpl-1.0-plus, mit, python OR gpl-2.0, zlib, agpl-3.0-plus, gfdl-1.2, fsf-mit, python, other-copyleft, cc-pd, unicode, bsd-unchanged, generic-cla, gpl-2.0 AND epl-1.0, gpl-1.0-plus, mpl-1.0, x11-fsf, qpl-1.0, sfl-license, bsd-original, bsd-new, warranty-disclaimer, openssl, apache-1.1, apache-2.0 OR apache-1.1, snprintf, artistic-2.0, bsd-2-clause-plus-advertizing, lgpl-2.1-plus, unknown-license-reference, fsf-ap, bsd-simplified AND gpl-2.0, svndiff, free-unknown, beerware, gpl-3.0-plus WITH bison-exception-2.2, other-permissive, cmu-uc, gfdl-1.3, llnl, cnri-python-1.6, rsa-md5, mit OR gpl-2.0, mpl-1.1, gpl-3.0-plus, gpl-1.0, fsf-free, gfdl-1.3-plus, tatu-ylonen, apache-2.0, x11-xconsortium, gpl-2.0, gpl-1.0-plus OR artistic-1.0, lgpl-2.0-plus, artistic-2.0 AND public-domain-disclaimer, curl, public-domain-disclaimer, gpl-3.0, unknown, lgpl-2.0, sun-sissl-1.1, hs-regexp-orig, m-plus, proprietary-license, historical, gpl-2.0-plus, lgpl-3.0, public-domain, zpl-2.1, afl-3.0, boost-1.0, artistic-2.0 OR bsd-new OR lgpl-3.0, gfdl-1.1-plus, bsd-original-uc, artistic-1.0-cl8, pygres-2.2, mit-old-style-no-advert, bsd-simplified-darwin, philippe-de-muyter, gpl-2.0 OR bsd-new, isc, public-domain AND gpl-2.0-plus, artistic-perl-1.0, bzip2-libbzip-2010, agpl-3.0, artistic-2.0 OR gpl-1.0-plus, bsd-simplified, openssl-ssleay, gpl-1.0-plus OR artistic-2.0, tested-software, lgpl-2.1, gpl-1.0-plus OR bsd-simplified, cc0-1.0, x11, bsd-2-clause-netbsd
	Packages found in Layer:  dirmngr-2.2.12-1+deb10u1, git-1:2.20.1-2+deb10u3, git-man-1:2.20.1-2+deb10u3, gnupg-2.2.12-1+deb10u1, gnupg-l10n-2.2.12-1+deb10u1, gnupg-utils-2.2.12-1+deb10u1, gpg-2.2.12-1+deb10u1, gpg-agent-2.2.12-1+deb10u1, gpg-wks-client-2.2.12-1+deb10u1, gpg-wks-server-2.2.12-1+deb10u1, gpgconf-2.2.12-1+deb10u1, gpgsm-2.2.12-1+deb10u1, libapr1-1.6.5-1+b1, libaprutil1-1.6.1-4, libassuan0-2.5.2-1, libbsd0-0.9.1-2, libcurl3-gnutls-7.64.0-4+deb10u1, libedit2-3.1-20181209-1, liberror-perl-0.17027-2, libexpat1-2.2.6-2+deb10u1, libgdbm-compat4-1.18.1-4, libgdbm6-1.18.1-4, libksba8-1.3.5-2, libncurses6-6.1+20181013-2+deb10u2, libnpth0-1.6-1, libperl5.28-5.28.1-6, libprocps7-2:3.3.15-2, libpython-stdlib-2.7.16-1, libpython2-stdlib-2.7.16-1, libpython2.7-minimal-2.7.16-2+deb10u1, libpython2.7-stdlib-2.7.16-2+deb10u1, libreadline7-7.0-5, libserf-1-1-1.3.9-7+b10, libsqlite3-0-3.27.2-3, libsvn1-1.10.4-1+deb10u1, libutf8proc2-2.3.0-1, lsb-base-10.2019051400, mercurial-4.8.2-1+deb10u1, mercurial-common-4.8.2-1+deb10u1, mime-support-3.62, openssh-client-1:7.9p1-10+deb10u2, perl-5.28.1-6, perl-modules-5.28-5.28.1-6, pinentry-curses-1.1.0-2, procps-2:3.3.15-2, python-2.7.16-1, python-minimal-2.7.16-1, python2-2.7.16-1, python2-minimal-2.7.16-1, python2.7-2.7.16-2+deb10u1, python2.7-minimal-2.7.16-2+deb10u1, readline-common-7.0-5, sensible-utils-0.0.12, subversion-1.10.4-1+deb10u1, ucf-3.0038+nmu1
	Licenses found in Layer:  BSD-3-clause, CC0-1.0, GPL-3+ or BSD-3-clause, Expat, GPL-3+, TinySCHEME, LGPL-3+, permissive, LGPL-2.1+, RFC-Reference, ISC, BSD-2-clause, LGPL-2+, EDL-1.0, GPL-2, mingw-runtime, Apache-2.0, dlmalloc, Boost, GPL-2+, GPL-1+ or Artistic-1, GAP, GAP~FSF, GPL-2+ with libtool exception, BSD-5-clause-Peter-Wemm, BSD-3-clause-Regents, ISC-Original, BSD-4-clause-Niels-Provos, BSD-3-clause-Regents and BSD-2-clause-NetBSD, Beerware, BSD-2-clause-NetBSD, BSD-3-clause-John-Birrell, public-domain, BSD-2-clause-author, BSD-2-clause-verbatim, BSD-3-clause-author, public-domain-Colin-Plumb, BSD-4-clause-Christopher-G-Demetriou, curl, BSD-4-Clause, BSD-3-Clause, other, Artistic, MIT/X11, GPL-1+, Artistic or GPL-1+, MIT, GFDL-NIV-1.3+, Expat or GPL-1+ or Artistic, BZIP, GPL-1+ or Artistic or Artistic-dist, REGCOMP, SDBM-PUBLIC-DOMAIN, HSIEH-BSD, Artistic or GPL-1+ or Artistic-dist, GPL-1+ or Artistic, DONT-CHANGE-THE-GPL, LGPL-2.1, BSD-4-clause-POWERDOG, GPL-1+ or Artistic, and Unicode, HSIEH-DERIVATIVE, Artistic-2, ZLIB, GPL-3+-WITH-BISON-EXCEPTION, Unicode, S2P, Artistic-dist, GPL-1+ or Artistic, and Expat, BSD-3-clause-GENERIC, RRA-KEEP-THIS-NOTICE, TEXT-TABS, REGCOMP, and GPL-1+ or Artistic, GPL-1+ or Artistic, and BSD-3-clause-GENERIC, BSD-3-clause-with-weird-numbering, GPL-1+ or Artistic, and BSD-4-clause-POWERDOG, GPL-2+ or Artistic, LGPL-2.0+, GPL-2.0+, # Licensed to PSF under a Contributor Agreement, PSF-2, Apache-2, This software is provided 'as-is', without any express or implied, This software is provided as-is, without express or implied, see above, some license as Python., Permission is hereby granted, free of charge, to any person obtaining, Python, Apache, Zlib, Expat and Unicode, Utfwidth, Svnwrap, BSD-3-clause or Apache-2.0, AFL-3, Zope Public License (ZPL) Version 2.1, Permission is hereby granted, free of charge, to any person obtaining a copy of this, Permission is hereby granted, free of charge, to any person obtaining a copy, 
Redistribution and use in source and binary forms, with or without modification,, PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2, Bellcore, ad-hoc, Expat-with-advertising-restriction, Beer-ware, Powell-BSD-style, Mazieres-BSD-style, OpenSSH, X11, LGPL-3+ or GPL-2+, All-permissive, installsh, configure
------------------------------------------------

	Layer 5:
		info: Instruction Line: RUN apt-get update && apt-get install -y --no-install-recommends 		g++ 		gcc 		libc6-dev 		make 		pkg-config 	&& rm -rf /var/lib/apt/lists/*
		warning: 
Ignored Commands:apt-get update

Unrecognized Commands:rm -rf /var/lib/apt/lists/*

		info: Layer created by commands: /bin/sh -c apt-get update && apt-get install -y --no-install-recommends 		g++ 		gcc 		libc6-dev 		make 		pkg-config 	&& rm -rf /var/lib/apt/lists/*
		info: Retrieved by invoking listing in command_lib/base.yml

versions:
	in container:
	pkgs=`dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'`
	for p in $pkgs; do dpkg -l $p | awk 'NR>5 {print $3}'; done

copyrights:
	in container:
	pkgs=`dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'`
	for p in $pkgs; do /bin/cat /usr/share/doc/$p/copyright; echo LICF; done

names:
	in container:
	dpkg --get-selections | cut -f1 -d':' | awk '{print $1}'



	Invoking commands from command_lib/base.yml:
		warning: No listing method for 'licenses'. Additional analysis may be required.
No listing method for 'srcs'. Additional analysis may be required.

	File licenses found in Layer:  gpl-2.0-plus WITH autoconf-simple-exception-2.0, mpl-1.1 OR gpl-2.0 OR lgpl-2.1, gpl-1.0-plus WITH linux-syscall-exception-gpl, mit-old-style, gpl-2.0 WITH linux-syscall-exception-gpl OR bsd-simplified, lgpl-2.1-plus, apache-2.0, mit-old-style-no-advert, gpl-2.0, gpl-2.0 WITH linux-syscall-exception-gpl OR linux-openib, lgpl-2.0-plus, fsf-ap, mit, gpl-2.0 WITH linux-syscall-exception-gpl, gpl-3.0, boost-original, gpl-2.0 OR bsd-simplified, gpl-2.0 OR bsd-new, ietf, isc, unknown, lgpl-3.0-plus, commercial-license OR gpl-3.0, agpl-3.0-plus, free-unknown, gfdl-1.2, carnegie-mellon-contributors, sunpro, lgpl-2.0, gpl-2.0 OR linux-openib, other-permissive, gpl-2.0-plus WITH linux-syscall-exception-gpl OR bsd-new, gpl-2.0 WITH linux-syscall-exception-gpl OR mit, lgpl-2.0-plus WITH linux-syscall-exception-gpl, other-copyleft, gpl-3.0-plus OR mit, unicode, khronos, gpl-2.0 OR cddl-1.0, historical, ruby, gpl-1.0-plus, gpl-2.0-plus, uoi-ncsa, lgpl-3.0, gpl-2.0 OR anu-license, inner-net-2.0, public-domain, gpl-2.0 WITH linux-syscall-exception-gpl AND mit, hs-regexp, lgpl-2.0 OR mulle-kybernetik, gpl-2.0 OR mit, bsd-new OR gpl-2.0, gpl-2.0 WITH linux-syscall-exception-gpl OR bsd-new, gfdl-1.2-plus, bsd-original, bsd-simplified, gpl-3.0-plus, gpl-2.0-plus WITH linux-syscall-exception-gpl, boost-1.0, lgpl-2.1, bsd-new, warranty-disclaimer, gpl-2.0-plus OR bsd-new, gpl-2.0-plus WITH mif-exception, bsd-new OR gpl-2.0-plus, gpl-3.0-plus WITH gcc-exception-3.1, gpl-2.0-plus OR mit, gfdl-1.1-plus, lgpl-2.1 WITH linux-syscall-exception-gpl, lgpl-2.1-plus WITH linux-syscall-exception-gpl
	Packages found in Layer:  binutils-2.31.1-16, binutils-common-2.31.1-16, binutils-x86-64-linux-gnu-2.31.1-16, cpp-4:8.3.0-1, cpp-8-8.3.0-6, g++-4:8.3.0-1, g++-8-8.3.0-6, gcc-4:8.3.0-1, gcc-8-8.3.0-6, libasan5-8.3.0-6, libatomic1-8.3.0-6, libbinutils-2.31.1-16, libc-dev-bin-2.28-10, libc6-dev-2.28-10, libcc1-0-8.3.0-6, libdpkg-perl-1.19.7, libgcc-8-dev-8.3.0-6, libglib2.0-0-2.58.3-2+deb10u2, libgomp1-8.3.0-6, libisl19-0.20-2, libitm1-8.3.0-6, liblsan0-8.3.0-6, libmpc3-1.1.0-1, libmpfr6-4.0.2-1, libmpx2-8.3.0-6, libquadmath0-8.3.0-6, libstdc++-8-dev-8.3.0-6, libtsan0-8.3.0-6, libubsan1-8.3.0-6, linux-libc-dev-4.19.118-2+deb10u1, make-4.2.1-1.2, pkg-config-0.29-6
	Licenses found in Layer:  BSD-2-clause, GPL-2, public-domain-md5, GPL-2+, public-domain-s-s-d, Apache-2.0, Expat, This version was made by modifying the master file made by, MIT, Permission is hereby granted, free of charge, to any person obtaining a copy, LGPL-2.1+, CRYPTOGAMS, LGPL-2.1, Xen-interface, GPL-2+ or X11, Unicode-data, GPL-3+
------------------------------------------------

	Layer 6:
		info: Instruction Line: RUN set -eux; 		dpkgArch="$(dpkg --print-architecture)"; 	case "${dpkgArch##*-}" in 		amd64) goRelArch='linux-amd64'; goRelSha256='aed845e4185a0b2a3c3d5e1d0a35491702c55889192bb9c30e67a3de6849c067' ;; 		armhf) goRelArch='linux-armv6l'; goRelSha256='e20211425b3f797ca6cd5e9a99ab6d5eaf1b009d08d19fc8a7835544fa58c703' ;; 		arm64) goRelArch='linux-arm64'; goRelSha256='05dc46ada4e23a1f58e72349f7c366aae2e9c7a7f1e7653095538bc5bba5e077' ;; 		i386) goRelArch='linux-386'; goRelSha256='4179f406ea0efd455a8071eaaaf1dea92cac5c17aab89fbad18ea2a37623c810' ;; 		ppc64el) goRelArch='linux-ppc64le'; goRelSha256='b335f85bc935ca3f553ad1bac37da311aaec887ffd8a48cb58a0abb0d8adf324' ;; 		s390x) goRelArch='linux-s390x'; goRelSha256='17f2ae0bae968b3d909daabc5cc4a37471ddb70ec49076b78702291e6772d71a' ;; 		*) goRelArch='src'; goRelSha256='7011af3bbc2ac108d1b82ea8abb87b2e63f78844f0259be20cde4d42c5c40584'; 			echo >&2; echo >&2 "warning: current architecture ($dpkgArch) does not have a corresponding Go binary release; will be building from source"; echo >&2 ;; 	esac; 		url="https://golang.org/dl/go${GOLANG_VERSION}.${goRelArch}.tar.gz"; 	wget -O go.tgz "$url" --progress=dot:giga; 	echo "${goRelSha256} *go.tgz" | sha256sum -c -; 	tar -C /usr/local -xzf go.tgz; 	rm go.tgz; 		if [ "$goRelArch" = 'src' ]; then 		savedAptMark="$(apt-mark showmanual)"; 		apt-get update; 		apt-get install -y --no-install-recommends golang-go; 				goEnv="$(go env | sed -rn -e '/^GO(OS|ARCH|ARM|386)=/s//export \0/p')"; 		eval "$goEnv"; 		[ -n "$GOOS" ]; 		[ -n "$GOARCH" ]; 		( 			cd /usr/local/go/src; 			./make.bash; 		); 				apt-mark auto '.*' > /dev/null; 		apt-mark manual $savedAptMark > /dev/null; 		apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; 		rm -rf /var/lib/apt/lists/*; 				go install std; 				rm -rf 			/usr/local/go/pkg/*/cmd 			/usr/local/go/pkg/bootstrap 			/usr/local/go/pkg/obj 			/usr/local/go/pkg/tool/*/api 			/usr/local/go/pkg/tool/*/go_bootstrap 			
/usr/local/go/src/cmd/dist/dist 		; 	fi; 		go version
		warning: 
Unrecognized Commands:set -eux
wget -O go.tgz $url --progress=dot:giga
echo ${goRelSha256} *go.tgz | sha256sum -c -
tar -C /usr/local -xzf go.tgz
rm go.tgz
go version

	File licenses found in Layer:  multics, bsd-new AND google-patent-license-webm, apache-2.0, cc-by-3.0, ijg, gpl-2.0, unknown-license-reference, mit, public-domain-disclaimer, gpl-3.0, red-hat-attribution, ekioh, unknown, sunpro, other-permissive, openssl-ssleay OR bsd-new, generic-cla, gpl-1.0-plus, gpl-2.0-plus, apple-attribution, public-domain, bsd-simplified OR gpl-2.0, bsd-2-clause-freebsd, google-patent-license-golang, bsd-simplified, bsd-new, bsd-1-clause, mpeg-ssg
	Packages found in Layer:  None
	Licenses found in Layer:  None
------------------------------------------------

	Layer 7:
		info: Instruction Line: RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
		warning: 
Unrecognized Commands:mkdir -p $GOPATH/src $GOPATH/bin
chmod -R 777 $GOPATH

	File licenses found in Layer:  None
	Packages found in Layer:  None
	Licenses found in Layer:  None
------------------------------------------------

###########################################
# Summary of licenses found in Container: #
###########################################
config-h, mpl-1.1 OR lgpl-2.1-plus OR apache-2.0, newlib-historical, gpl-2.0-plus AND lgpl-2.1-plus, Artistic or GPL-1+ or Artistic-dist, GPL-3+ or GFDL-1.2+, khronos, ruby, mpl-2.0, bsd-simplified OR gpl-2.0, gpl-2.0 WITH linux-syscall-exception-gpl AND mit, permissive-like-automake-output, gpl-1.0-plus OR lgpl-2.0-plus OR bsd-simplified, mit-no-advert-export-control, gpl-2.0 WITH linux-syscall-exception-gpl OR bsd-new, BSD-3-clause-John-Birrell, GAP~FSF, bsd-2-clause-plus-advertizing, lgpl-2.1-plus WITH linux-syscall-exception-gpl, Public domain., Python, wtfpl-2.0, unknown-license-reference, SDBM-PUBLIC-DOMAIN, GPL-1+ or Artistic, gpl-2.0-plus AND gpl-3.0, rsa-md4, free-unknown, gpl-2.0 OR lgpl-2.1, beerware, gfdl-1.3, gpl-2.0 OR cddl-1.0, llnl, cnri-python-1.6, Utfwidth, public-domain-s-s-d, xfree86-1.0, gpl-1.0, Autoconf, g10-permissive, PSF-2, apache-2.0, ijg, lgpl-2.0-plus, LGPL, curl, CC0-1.0, Expat-with-advertising-restriction, GPL-2, lgpl-2.0, sunpro, bsla, m-plus, lgpl-2.0-plus AND gpl-1.0-plus, historical, Bellcore, TEXT-TABS, afl-3.0, gcc-exception-3.1, gpl-2.0-plus WITH mif-exception, gpl-2.0-plus WITH libtool-exception-2.0, gpl-3.0-plus WITH gcc-exception-3.1, libselinux-pd, ibm-dhcp, pygres-2.2, TinySCHEME, gpl-3.0 AND other-copyleft, bsd-simplified-darwin, autoconf-simple-exception-2.0, philippe-de-muyter, LGPL-2.1, gpl-2.0 OR bsd-new, ekioh, ietf, public-domain AND gpl-2.0-plus, Apache, GPL-2+ with libtool exception, rdisc, Boost, agpl-3.0, GPL-1+ or Artistic, and BSD-3-clause-GENERIC, artistic-2.0 OR gpl-1.0-plus, openssl-ssleay, Powell-BSD-style, bsd-new OR gpl-2.0-plus, lgpl-2.1 WITH linux-syscall-exception-gpl, Expat or GPL-1+ or Artistic, LGPL-3+ or GPL-2+, BZIP, BSD-2-clause-author, red-hat-attribution, d-zlib, Redistribution and use in source and binary forms, with or without modification,, same-as-rest-of-p11kit, other-copyleft, unicode, generic-cla, mpl-1.0, ofl-1.1 AND mit, gpl-2.0 OR anu-license, bsd-unmodified, Artistic or GPL-1+, 
OpenSSH, SIL-OFL-1.1, BSD-4-clause, other, bsd-original, EDL-1.0, BSD-2-clause-NetBSD, GPL-2+ or Artistic, openssl, rsa-1990, GPLv3+, mpeg-ssg, GPL-2+ with distribution exception, bsd-new AND google-patent-license-webm, MIT, gpl-3.0 AND gpl-2.0 AND lgpl-3.0-plus WITH cygwin-exception-lgpl-3.0-plus AND other-copyleft AND other-permissive, svndiff, BSD-2-clause, sleepycat, BSD-4-clause-Niels-Provos, carnegie-mellon-contributors, ISC-Original, mit OR gpl-2.0, bsd-x11, REGCOMP, and GPL-1+ or Artistic, CRYPTOGAMS, Expat, GPL-1+ or Artistic, and BSD-4-clause-POWERDOG, GPL-3+ with autoconf exception, Apache-2, BSD-3-clause or GPL-2, GPL-3+, public-domain-md5, x11-xconsortium, all-permissive, GFDL-1.2+, public-domain-disclaimer, nilsson-historical, gpl-3.0, PD-debian, Artistic-2, sun-sissl-1.1, gpl-2.0-plus WITH linux-syscall-exception-gpl OR bsd-new, GPL-3+ or BSD-3-clause, PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2, gpl-2.0-plus, Artistic-dist, x11-hanson, apple-attribution, hs-regexp, permissive, bsd-new OR gpl-2.0, boost-1.0, bsd-plus-mod-notice, gpl-2.0-plus OR mit, MIT/X11, artistic-1.0-cl8, BSD3, gpl-2.0 OR bsd-simplified, isc, BSD-3-clause and GPL-2, GPL-3+-WITH-BISON-EXCEPTION, autoconf-exception-2.0, gpl-2.0 WITH linux-syscall-exception-gpl OR mit, lgpl-2.0-plus WITH linux-syscall-exception-gpl, artistic-perl-1.0, permissive-nowarranty, RRA-KEEP-THIS-NOTICE, gpl-2.0 OR mit, google-patent-license-golang, RFC-Reference, BSD-4-clause-Christopher-G-Demetriou, bsd-simplified, lgpl-2.1, ad-hoc, LGPLv3+_or_GPLv2+, GPL-1+, python-cwi, mit OR gpl-1.0-plus, latex2e, GPL-1+ or Artistic or Artistic-dist, bsd-new OR gpl-1.0-plus, HSIEH-BSD, python OR gpl-2.0, zlib, This software is provided 'as-is', without any express or implied, agpl-3.0-plus, artistic-1.0, fsf-mit, python, LGPL-2.1+, cc-pd, Artistic, gpl-3.0-plus OR mit, bsd-unchanged, BSD-3-clause-Regents, gpl-2.0 AND epl-1.0, S2P, oracle-bsd-no-nuclear, qpl-1.0, gpl-2.0-plus OR lgpl-3.0-plus, Beer-ware, 
warranty-disclaimer, FreeSoftware, apache-1.1, bsd-1-clause, snprintf, mpl-1.1 OR gpl-2.0 OR lgpl-2.1, mit-old-style, Permission is hereby granted, free of charge, to any person obtaining a copy of this, Apache-2.0, AFL-3, REGCOMP, gpl-2.0 AND lgpl-2.0 AND bsd-new AND mit-old-style-no-advert, fsf-ap, bsd-simplified AND gpl-2.0, BSD-4-clause-POWERDOG, HSIEH-DERIVATIVE, All-permissive, gpl-2.0 OR linux-openib, gpl-3.0-plus WITH bison-exception-2.2, cmu-uc, Unicode, uoi-ncsa, GPL-1+ or Artistic, and Expat, inner-net-2.0, Expat and Unicode, openldap-2.8, fsf-free, gfdl-1.3-plus, This software is provided as-is, without express or implied, gpl-1.0-plus OR artistic-1.0, BSD-3-clause or GPL-2+, artistic-2.0 AND public-domain-disclaimer, BSD-3-clause, GPL-2.0+, boost-original, custom, hs-regexp-orig, lgpl-3.0, see above, some license as Python., LGPL-3+, zpl-2.1, epl-2.0 OR gpl-2.0-plus OR lgpl-2.1-plus, gpl-1.0 OR gpl-2.0, GPLv2+, artistic-2.0 OR bsd-new OR lgpl-3.0, Xen-interface, BSD-2-clause-verbatim, bsd-original-uc, Zope Public License (ZPL) Version 2.1, lgpl-2.1 AND gpl-2.0 AND gpl-3.0, GPL-2+, GFDL-NIV-1.3+, GPL-1+ or Artistic, and Unicode, Svnwrap, commercial-license OR gpl-3.0, amd-historical, permissive-fsf, # Licensed to PSF under a Contributor Agreement, cc-by-sa-3.0, gpl-3.0-plus WITH autoconf-macro-exception, BSD-4-Clause, LGPL-2.0+, noderivs, tested-software, GPL-2+ or X11, gpl-1.0-plus OR bsd-simplified, gpl-1.0-plus AND gpl-2.0-plus AND lgpl-2.0-plus AND gfdl-1.1, mingw-runtime, none, bsd-2-clause-netbsd, gpl-1.0-plus WITH linux-syscall-exception-gpl, gpl-2.0 WITH linux-syscall-exception-gpl OR bsd-simplified, installsh, mit, DONT-CHANGE-THE-GPL, gfdl-1.2, openssl-ssleay OR bsd-new, LGPL-2+, gpl-1.0-plus, x11-fsf, smail-gpl, sfl-license, bsd-axis-nomod OR gpl-1.0-plus, BSD-3-clause-with-weird-numbering, bsd-new, lgpl-3.0-plus OR gpl-2.0-plus, BSD-3-clause or Apache-2.0, GPL-2+ with Autoconf exception, apache-2.0 OR apache-1.1, artistic-2.0, 
libtool-exception-2.0, gpl-2.0-plus WITH autoconf-simple-exception-2.0, x11-lucent, lgpl-2.1-plus, gpl-2.0-plus OR lgpl-2.1-plus OR mpl-1.1, cc-by-3.0, Unicode-data, gpl-2.0 WITH linux-syscall-exception-gpl OR linux-openib, BSD-3-clause-author, fsf-unlimited, gpl-1.0-plus WITH autoconf-simple-exception-2.0, ISC, gpl-2.0 WITH linux-syscall-exception-gpl, This version was made by modifying the master file made by, lgpl-3.0-plus, ZLIB, other-permissive, rsa-md5, BSD-3-Clause, BSD-3-clause-GENERIC, Permission is hereby granted, free of charge, to any person obtaining a copy, GAP, mpl-1.1, gfdl-1.2-plus, Chromium, gpl-3.0-plus, gpl-2.0-plus WITH linux-syscall-exception-gpl, gpl-2.0-plus OR bsd-new, GPL-1+ or Artistic-1, tatu-ylonen, multics, gpl-2.0, unknown, Mazieres-BSD-style, PD, MPL-2.0, proprietary-license, public-domain, dlmalloc, bsd-2-clause-freebsd, X11, gfdl-1.1-plus, mit-old-style-no-advert, LGPL-2.1+ or BSD-3-clause, probably-PD, osf-1990, BSD-variant, Zlib, openssl-exception-gpl-2.0, ofl-1.1, BSD-3-clause-Regents and BSD-2-clause-NetBSD, Beerware, ssleay-windows, configure, bzip2-libbzip-2010, lgpl-2.0 OR mulle-kybernetik, BSD-5-clause-Peter-Wemm, mit-license-1998, gpl-1.0-plus OR artistic-2.0, michigan-disclaimer, cc0-1.0, Permission is hereby granted, free of charge, to any person obtaining, intel-osl-1993, public-domain-Colin-Plumb, tcp-wrappers, x11

In addition to the default txt format, TERN reports can be produced in yaml, json, html and other formats. Part of an html result is shown below.

  • Example TERN analysis result (html format)

[Figures: three screenshots of the TERN html report]

Conclusion

Articles such as the following have been published:
Docker containers: What are the open source licensing considerations?
By The Linux Foundation, April 24, 2020

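Behind the accelerating development of tools like this is the growing complexity of OSS compliance work that has come with the rapid spread of containers. When distributing a Docker container, compliance requires making clear which OSS is being distributed. In particular, close attention must be paid to the fact that an image may ship OSS that users are hardly aware it contains.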

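For example, when a new version of an OSS package is installed in a new layer, the old version appears at first glance to have been removed. The distributed image, however, still contains the old version as well, and if the license changed between versions, the licenses have to be checked quite carefully.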
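The following Python sketch is an added example, not code from the original article or from the Tern project. It parses the text report layout shown above and flags two things: layers that contain licensed files but no package-manager entries (as Layers 3 and 6 do in the report above), and package names reported with different versions in different layers, which is the old-version case just described. The sample report is constructed, `examplelib` is a hypothetical package, the name/version split is a heuristic for Debian-style strings, and the version check assumes the report lists an upgraded package again in the layer that installs it.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the text report above (not real scan output).
# "examplelib" is a hypothetical package used to show a version change across layers.
SAMPLE_REPORT = """\
\tLayer 1:
\t\tinfo: Retrieved by invoking listing in command_lib/base.yml
\tFile licenses found in Layer:  gpl-2.0, bzip2-libbzip-2010
\tPackages found in Layer:  examplelib-1.0-1, libbz2-1.0-1.0.6-9.2~deb10u1, adduser-3.118,
gcc-8-base-8.3.0-6
\tLicenses found in Layer:  GPL-2, BZIP
------------------------------------------------

\tLayer 2:
\t\tinfo: Instruction Line: RUN wget -O tool.tgz "$url"; tar -C /usr/local -xzf tool.tgz
\t\twarning: 
Unrecognized Commands:wget -O tool.tgz $url
tar -C /usr/local -xzf tool.tgz

\tFile licenses found in Layer:  bsd-new, apache-2.0
\tPackages found in Layer:  None
\tLicenses found in Layer:  None
------------------------------------------------

\tLayer 3:
\t\tinfo: Instruction Line: RUN apt-get update && apt-get install -y examplelib
\tFile licenses found in Layer:  apache-2.0
\tPackages found in Layer:  examplelib-2.0-1
\tLicenses found in Layer:  Apache-2.0
------------------------------------------------
"""

LAYER_RE = re.compile(r"^\s*Layer (\d+):\s*$")
FIELD_RE = re.compile(r"^\s*(File licenses|Packages|Licenses) found in Layer:\s*(.*)$")


def split_name_version(entry):
    """Heuristic split of a 'name-version' string as printed in the report.

    Debian versions look like [epoch:]upstream[-revision] and the upstream part
    starts with a digit, so the version is taken as the last two hyphen-separated
    segments when the second-to-last starts with a digit, otherwise the last one.
    Upstream versions that themselves contain a hyphen will be split wrongly.
    """
    parts = entry.split("-")
    take = 2 if len(parts) >= 3 and re.match(r"(\d+:)?\d", parts[-2]) else 1
    return "-".join(parts[:-take]), "-".join(parts[-take:])


def parse_report(text):
    """Return {layer_no: {'File licenses': [...], 'Packages': [...], 'Licenses': [...]}}."""
    layers, layer, field = {}, None, None
    for line in text.splitlines():
        m = LAYER_RE.match(line)
        if m:
            layer = layers.setdefault(int(m.group(1)), defaultdict(list))
            field = None
            continue
        if layer is None:
            continue
        m = FIELD_RE.match(line)
        if m:
            field, rest = m.group(1), m.group(2)
        elif field and line and not line.startswith(("\t", "-", "#")):
            rest = line  # unindented continuation of a wrapped list
        else:
            field = None
            continue
        items = (x.strip() for x in rest.split(","))
        layer[field] += [x for x in items if x and x != "None"]
    return layers


def unpackaged_layers(layers):
    """Layers whose files carry licenses although no packages were reported."""
    return sorted(n for n, f in layers.items() if f["File licenses"] and not f["Packages"])


def versions_by_package(layers):
    """Map package name -> {layer_no: version} for names seen with more than one version."""
    seen = defaultdict(dict)
    for n, fields in layers.items():
        for entry in fields["Packages"]:
            name, version = split_name_version(entry)
            seen[name][n] = version
    return {p: v for p, v in seen.items() if len(set(v.values())) > 1}


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for n in unpackaged_layers(parsed):
        print(f"Layer {n}: licensed files but no packages, review manually")
    for name, vers in versions_by_package(parsed).items():
        detail = ", ".join(f"layer {n} has {v}" for n, v in sorted(vers.items()))
        print(f"{name}: {detail}")
```

Only the package lists are split reliably on commas; some license entries in a real report contain commas themselves, so the license lists are used here only to tell whether a layer has any file licenses at all.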

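Within the OpenChain community as well, there is ongoing discussion, as an open source compliance topic, of what to do when distributing containers and images such as Docker's. The problems that tools can solve today are limited, but TERN and various other tools will likely be developed going forward. I intend to keep following developments and to write them up on Qiita and elsewhere.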

For details, see the following:
Docker Containers for Legal Professionals, Author: Armijn Hemel, MSc.

In addition, the information discussed at the following is also a useful reference on OSS compliance, including for Docker images.

Addendum, July 30, 2020
Slides from the presentation of this article's content to the OpenChain Japan Tooling Sub Working Group on July 28
