TERN - Inspect thy docker image

abhaykatheria

Abhay Katheria

Posted on April 3, 2020


Docker is a commonly heard buzzword these days. Almost every major project on GitHub is now using Docker. opensource.com summarizes Docker as:

Docker is a tool designed to make it easier to create, deploy, and run applications by using containers.

What are containers then?

According to Wikipedia:

Containers offer operating-system-level virtualization through a virtual environment that has its own process and network space, instead of creating a full-fledged virtual machine.


All container images have some sort of dependency chain associated with them. Suppose you are creating a container based on the MongoDB base image. You might be familiar with the packages that you installed on top of the MongoDB base image, but you likely won't know anything about the dependencies that the base image brings with it. Creating a software bill of materials (SBoM) can help you make better decisions about your container-based infrastructure, integration, and deployment strategies.
Or maybe you are just curious about the contents of the image you are using, such as which packages are installed in it and which licenses govern those packages.


Well then, Tern comes to the rescue.


Tern is an open-source inspection tool for containers. Tern is currently available as a pip package but can also be cloned from its GitHub repository. The installation is straightforward, but it does require Docker to be installed on the host machine.

  • Linux users can find installation instructions here
  • Windows and Mac users can find installation instructions here

Once you've set up Tern, you can start inspecting Docker images and Dockerfiles.

  • To inspect locally pulled Docker images or images available on Docker Hub:

tern report -i debian:jessie

  • To inspect local Dockerfiles:

tern report -d path/to/Dockerfile

Tern creates SBoM reports that are suitable to read over or to hand to another tool for consumption. The currently supported report formats are:

  • summary (default)
  • json
  • yaml
  • SPDX tag-value

You can read more about them here.
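As an added example (not from the original article or the Tern project), here is one way another tool could consume an SPDX tag-value report: it groups packages by declared license and lists the ones that need manual review. The tag names come from the SPDX 2.x specification; which of them a given Tern release fills in is an assumption, and the sample report is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in SPDX 2.x tag-value syntax (not real Tern output).
SAMPLE_SPDX = """\
SPDXVersion: SPDX-2.1
DocumentComment: <text>Multi-line values sit inside text tags.
PackageName: not-a-package</text>
# Package
PackageName: bash
PackageVersion: 4.3-11
PackageLicenseDeclared: GPL-3.0-or-later
PackageName: libexample
PackageVersion: 1.0
PackageLicenseDeclared: NOASSERTION
PackageName: zlib1g
PackageLicenseDeclared: Zlib
"""

TAG_RE = re.compile(r"^([A-Za-z][A-Za-z0-9]*):\s*(.*)$")

def parse_packages(spdx_text):
    """Return one dict of tag -> value for each PackageName section."""
    packages, current, in_text = [], None, False
    for line in spdx_text.splitlines():
        if in_text:  # still inside a multi-line <text>...</text> value
            in_text = "</text>" not in line
            continue
        m = TAG_RE.match(line)
        if not m:  # blank line or '#' comment
            continue
        tag, value = m.groups()
        in_text = "<text>" in value and "</text>" not in value
        if tag == "PackageName":  # a new package section starts here
            current = {tag: value}
            packages.append(current)
        elif current is not None and tag.startswith("Package"):
            current[tag] = value
    return packages

def license_inventory(packages):
    """Group package names by declared license and list those to review."""
    by_license, review = defaultdict(list), []
    for pkg in packages:
        lic = pkg.get("PackageLicenseDeclared", "NOASSERTION")
        by_license[lic].append(pkg["PackageName"])
        if lic in ("NOASSERTION", "NONE") or "PackageVersion" not in pkg:
            review.append(pkg["PackageName"])  # unknown license or version
    return dict(by_license), review
```

To use it on a real report, read the file Tern wrote and call `license_inventory(parse_packages(text))`.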



Another thing that makes Tern special is the beginner-friendly documentation, code readability, and community support. The maintainers are super active and respond to the issues raised very frequently. Also, you can raise your issue on the Slack channel or get help if you feel stuck anywhere. The team is super friendly and responsive. I am a contributor at Tern now and I can say all this from personal experience.

This is my very first article; I hope you guys like it. I didn't want to make it too long. If you guys want a more detailed article, comment below. I would like to thank Rose from the Tern team for helping me out with this article.

Do check out Tern's GitHub repo.
