This is a small but mighty release with several important bug fixes and much-needed updates to dependencies. Specifically, this release adds functionality to pull local images using Skopeo. Previously, Tern would always pull the image provided using the `report -i` option from a registry. Additionally, this release updates the SPDX reports to include license information from Debian packages. Previously, Tern omitted this information as it was not provided by a package manager but, rather, abstracted from copyright text. Tern will now use the license text found in Debian copyright files and list it as the declared package license, either as an SPDX license identifier (if applicable) or as an SPDX LicenseRef.
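The mapping from a Debian copyright file to a declared SPDX license, sketched as an added example (not Tern's own code). The `DEBIAN_TO_SPDX` table, the function names, the sample copyright file and the choice to join several licenses with `AND` are assumptions made for illustration.

```python
import re

# Constructed subset of Debian short names -> SPDX identifiers (assumption);
# a real tool would consult the full SPDX license list.
DEBIAN_TO_SPDX = {
    "Expat": "MIT",
    "Apache-2.0": "Apache-2.0",
    "BSD-3-clause": "BSD-3-Clause",
    "GPL-2": "GPL-2.0-only",
    "GPL-2+": "GPL-2.0-or-later",
}

# Constructed sample in the machine-readable debian/copyright format.
SAMPLE = """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Files: *
Copyright: 2020 Example Author
License: Expat

Files: vendor/*
Copyright: 2019 Example Vendor
License: custom/vendor license (v1)

License: Expat
 Permission is hereby granted ...
"""

def license_names(copyright_text):
    """Return the short name of every License: field, in order, deduplicated."""
    names = []
    for line in copyright_text.splitlines():
        m = re.match(r"License:\s*(\S.*)$", line)  # continuation lines are indented
        if m and m.group(1).strip() not in names:
            names.append(m.group(1).strip())
    return names

def to_spdx(name):
    """Map a short name to an SPDX id, or to a LicenseRef with a valid idstring."""
    if name in DEBIAN_TO_SPDX:
        return DEBIAN_TO_SPDX[name]
    # SPDX idstrings allow only letters, digits, "." and "-".
    idstring = re.sub(r"[^A-Za-z0-9.-]+", "-", name).strip("-")
    return "LicenseRef-" + (idstring or "unknown")

def declared_license(copyright_text):
    ids = [to_spdx(n) for n in license_names(copyright_text)]
    return " AND ".join(ids) if ids else "NOASSERTION"
```

Two different short names can sanitize to the same idstring; a consumer that needs unique LicenseRefs has to detect and disambiguate that case.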
NOTE: At the time this release was cut there was an open CVE for GitPython (CVE-2022-24439) with no fix available. As soon as a fix is available, Tern will publish a patched release to include an updated version of GitPython.
- Add functionality to pull local images with skopeo: In order to analyze local images with Tern, prefix your local image with `docker-daemon:` when generating a report.
- Include license info for deb pkgs in SPDX reports
Note: This changelog will not include these release notes
Changelog generated by command: git log --pretty=format:"%h %s" v2.10.1..HEAD
48e22cf Replace invalid license key characters
40b981c Add functionality to pull local images with skopeo
c5919fa Include license info for deb pkgs in SPDX reports
8a1a75c Update debian-inspector requirement
23aec2f Update LicenseListVersion to 3.19
3e7ee23 Fix complaints from Prospector
38f20a6 Update LicenseListVersion to 3.19
2dd3599 Update LicenseListVersion: 3.17
d916d77 Updates maintainers affiliation
0bb0e90 LicenseListVersion: 3.17
f7003e7 Update README.md: SPDX is now an ISO standard
385f2e6 LicenseListVersion: 3.17
3b737fb LicenseListVersion: 3.17
Ivana Atanasova
Marc-Etienne Vargenau
Rui Valim
Nisha Kumar
Rose Judge