{"id":13839401,"url":"https://github.com/heroku/terrier","last_synced_at":"2025-08-17T19:39:14.693Z","repository":{"id":57575335,"uuid":"226289769","full_name":"heroku/terrier","owner":"heroku","description":"Terrier is a Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes.","archived":false,"fork":false,"pushed_at":"2023-09-20T05:19:08.000Z","size":31,"stargazers_count":228,"open_issues_count":2,"forks_count":15,"subscribers_count":67,"default_branch":"master","last_synced_at":"2025-07-11T06:37:04.716Z","etag":null,"topics":["container","docker","images","oci","supplychain"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/heroku.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-12-06T09:14:14.000Z","updated_at":"2025-05-26T23:28:58.000Z","dependencies_parsed_at":"2024-01-20T21:47:57.855Z","dependency_job_id":"8f5a1ab7-48ea-469c-9404-9af7868979a4","html_url":"https://github.com/heroku/terrier","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/heroku/terrier","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heroku%2Fterrier","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heroku%2Fterrier/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heroku%2Fterrier/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heroku%2Fterrier/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/heroku","download_url":"https://codeload.github.com/heroku/terrier/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heroku%2Fterrier/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270899424,"owners_count":24664712,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-17T02:00:09.016Z","response_time":129,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["container","docker","images","oci","supplychain"],"created_at":"2024-08-04T17:00:21.936Z","updated_at":"2025-08-17T19:39:14.663Z","avatar_url":"https://github.com/heroku.png","language":"Go","readme":"\u003cimg alt=\"Terrier Logo\" src=\"https://user-images.githubusercontent.com/449385/72431923-d0219680-378d-11ea-82e4-959da8ebbc9e.png\" width=\"256\" /\u003e\n\n# Terrier\nTerrier is a Image and Container analysis tool that can be used to scan OCI images and Containers to identify and verify the presence of specific files according to their hashes. A detailed writeup of Terrier can be found on the Heroku blog, https://blog.heroku.com/terrier-open-source-identifying-analyzing-containers.\n\n# Installation\n#### Binaries\nFor installation instructions from binaries please visit the [Releases Page](https://github.com/heroku/terrier/releases).\n\n#### Via Go\n\n```\n$ go get github.com/heroku/terrier\n```\n\n## Building from source\n\nVia go\n\n```\n$ go build\n```\n\nor \n\n```\n$ make all\n```\n\n## Usage\n\n```console\n$ ./terrier -h\nUsage of ./terrier:\n  -cfg string\n        Load config from provided yaml file (default \"cfg.yml\")\n```\n\n\nAn OCI TAR of the image to be scanned is required, this is provided to Terrier via the \"Image\" value in the cfg.yml. \n\nThe following Docker command can be used to convert a Docker image to a TAR that can be scanned by Terrier.\n\n```console\n# docker save imageid -o image.tar\n\n```\n\n```console\n$ ./terrier \n[+] Loading config: cfg.yml\n[+] Analysing Image\n[+] Docker Image Source:  image.tar\n[*] Inspecting Layer:  05c3c2c60920f68b506d3c66e0f6148b81a8b0831388c2d61be5ef02190bcd1f\n[!] All components were identified and verified: (493/493)\n```\n\n### Example YML config\nTerrier parses YAML, below is an example config.\n\n```\n#THIS IS AN EXAMPLE CONFIG, MODIFY TO YOUR NEEDS\n\nmode: image\nimage: image.tar\n# mode: container\n# path: merged\n# verbose: true\n# veryverbose: true\n\nfiles:\n  - name: '/usr/bin/curl'\n    hashes:\n      - hash: '2353cbb7b47d0782ba8cdd9c7438b053c982eaaea6fbef8620c31a58d1e276e8'\n      - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2aaa'\n      - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96'\n      - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521faa'\n  - name: '/usr/bin/go'\n    hashes:\n      - hash: '2353cbb7b47d0782ba8cdd9c7438b053c982eaaea6fbef8620c31a58d1e276e8'\n\n#UNCOMMENT TO ANALYZE HASHES\n#     hashes:\n#       - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521faa'\n#       - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2aa'\n#       - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41aa'\n\n```\n\n# What does Terrier do?\nTerrier is a CLI tool that allows you to:\n- Scan an OCI image for the presence of one or more files that match one or more provided SHA256 hashes\n- Scan a running Container for the presence of one or more files that match one or more provided SHA256 hashes\n\n# What is Terrier useful for?\n### Scenario 1\nTerrier can be used to verify if a specific OCI image is making use of a specific binary, which useful in a supply chain verification scenario. For example, we may want to check that a specific Docker image is making use of a specific version or versions of cURL. In this case, Terrier is supplied with the SHA256 hashes of the binaries that are trusted.\n\nAn example YAML file for this scenario might look like this:\n```\nmode: image\n# verbose: true\n# veryverbose: true\nimage: golang1131.tar\n\nfiles:\n  - name: '/usr/local/bin/analysis.sh'\n    hashes:\n       - hash: '9adc0bf7362bb66b98005aebec36691a62c80d54755e361788c776367d11b105'\n  - name: '/usr/bin/curl'\n    hashes:\n       - hash: '23afbfab4f35ac90d9841a6e05f0d1487b6e0c3a914ea8dab3676c6dde612495'\n  - name: '/usr/local/bin/staticcheck'\n    hashes:\n       - hash: '73f89162bacda8dd2354021dc56dc2f3dba136e873e372312843cd895dde24a2'\n```\n\n\n### Scenario 2\nTerrier can be used to verify the presence of a particular file or files in a OCI image according to a set of provided hashes. This can be useful to check if an OCI image contains a malicious file or a file that is required to be identified.\n\nAn example YAML file for this scenario might look like this:\n```\nmode: image\n# verbose: true\n# veryverbose: true\nimage: alpinetest.tar\nhashes:\n  - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521f'\n  - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2'\n  - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41'\n  - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96'\n```\n\n\n### Scenario 3\nTerrier can be used to verify the components of Containers at runtime by analysing the contents of /var/lib/docker/overlay2/.../merged \nAn example YAML file for this scenario might look like this:\n```\nmode: container\nverbose: true\n# veryverbose: true\n# image: latestgo13.tar\npath: merged\n\nfiles:\n  - name: '/usr/local/bin/analysis.sh'\n    hashes:\n       - hash: '9adc0bf7362bb66b98005aebec36691a62c80d54755e361788c776367d11b105'\n  - name: '/usr/local/go/bin/go'\n    hashes:\n       - hash: '23afbfab4f35ac90d9841a6e05f0d1487b6e0c3a914ea8dab3676c6dde612495'\n  - name: '/usr/local/bin/staticcheck'\n    hashes:\n       - hash: '73f89162bacda8dd2354021dc56dc2f3dba136e873e372312843cd895dde24a2'\n  - name: '/usr/local/bin/gosec'\n    hashes:\n       - hash: 'e7cb8304e032ccde8e342a7f85ba0ba5cb0b8383a09a77ca282793ad7e9f8c1f'\n  - name: '/usr/local/bin/errcheck'\n    hashes:\n       - hash: '41f725d7a872cad4ce1f403938937822572e0a38a51e8a1b29707f5884a2f0d7'\n  - name: '/var/lib/dpkg/info/apt.postrm'\n    hashes:\n       - hash: '6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c'\n```\n\n\n\n# Usage\n### Example 1\nTerrier is a CLI and makes use of YAML. An example YAML config:\n```\nmode: image\n# verbose: true\n# veryverbose: true\nimage: alpinetest.tar\nfiles:\n  - name: '/usr/local/go/bin/go'\n    hashes:\n      - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521f'\n      - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2aaa'\n      - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41aaa'\n      - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521faa'\n  - name: '/usr/bin/delpart'\n    hashes:\n      - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96aaa'\n  - name: '/usr/bin/stdbuf'\n    hashes:\n      - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521faa'\n      - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2aa'\n      - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41aa'\n```\n\nIn the example below, Terrier has being instructed via the YAML above to verify multiple files.\n```\n$./terrier \n[+] Loading config: cfg.yml\n[+] Analysing Image\n[+] Docker Image Source:  alpinetest.tar\n[*] Inspecting Layer:  05c3c2c60920f68b506d3c66e0f6148b81a8b0831388c2d61be5ef02190bcd1f\n[*] Inspecting Layer:  09c25a178d8a6f8b984f3e72ca5ec966215b24a700ed135dc062ad925aa5eb23\n[*] Inspecting Layer:  36351e8e1da92268d40245cfbcd499a1173eeacc23be428386c8fc0a16f0b10a\n[*] Inspecting Layer:  7224ca1e886eeb7e63a9e978b1a811ed52f4a53ccb65f7c510fa04a0d1103fdf\n[*] Inspecting Layer:  7a2e464d80c7a1d89dab4321145491fb94865099c59975cfc840c2b8e7065014\n[*] Inspecting Layer:  88a583fe02f250344f89242f88309c666671042b032411630de870a111bea971\n[*] Inspecting Layer:  8db14b6fdd2cf8b4c122824531a4d85e07f1fecd6f7f43eab7f2d0a90d8c4bf2\n[*] Inspecting Layer:  9196e3376d1ed69a647e728a444662c10ed21feed4ef7aaca0d10f452240a09a\n[*] Inspecting Layer:  92db9b9e59a64cdf486203189d02acff79c3360788b62214a49d2263874ee811\n[*] Inspecting Layer:  bc4bb4a45da628724c9f93400a9149b2dd8a5d437272cb4e572cfaec64512d98\n[*] Inspecting Layer:  be7d600e4e8ed3000e342ef6482211350069d935a14aeff4d9fc3289e1426ed3\n[*] Inspecting Layer:  c4cec85dfa44f0a8856064922cff1c39b872b506dd002e33664d11a80f75a149\n[*] Inspecting Layer:  c998d6f023b7b9e3c186af19bcd1c2574f0d01b943077281ac5bd32e02dc57a5\n[!] All components were identified and verified: (493/493)\n\n```\n Terrier sets its return code depending on the result of the tests, in the case of the test above, the return code will be \"0\" which indicates a successful test as 1 instance of each provided component was identified and verified.\n \n### Example 2\nTerrier is instructed to identify any files in the provided image that match the provided SHA256 hashes.\nYAML file cfg.yml\n```\nmode: image\n# verbose: true\n# veryverbose: true\nimage: 1070caa1a8d89440829fd35d9356143a9d6185fe7f7a015b992ec1d8aa81c78a.tar\nhashes:\n  - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521f'\n  - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2'\n  - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41'\n  - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96'\n```\nRunning Terrier.\n```\n./terrier \n[+] Loading config: cfg.yml\n[+] Docker Image Source:  golang.tar\n[*] Inspecting Layer:  1070caa1a8d89440829fd35d9356143a9d6185fe7f7a015b992ec1d8aa81c78a\n[*] Inspecting Layer:  414833cdb33683ab8607565da5f40d3dc3f721e9a59e14e373fce206580ed40d\n[*] Inspecting Layer:  6bd93c6873c822f793f770fdf3973d8a02254a5a0d60d67827480797f76858aa\n[*] Inspecting Layer:  c40c240ae37a2d2982ebcc3a58e67bf07aeaebe0796b5c5687045083ac6295ed\n[*] Inspecting Layer:  d2850df0b6795c00bdce32eb9c1ad9afc0640c2b9a3e53ec5437fc5539b1d71a\n[*] Inspecting Layer:  f0c2fe7dbe3336c8ba06258935c8dae37dbecd404d2d9cd74c3587391a11b1af\n        [!] Found file 'f0c2fe7dbe3336c8ba06258935c8dae37dbecd404d2d9cd74c3587391a11b1af/usr/bin/curl' with hash: 9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96\n[*] Inspecting Layer:  f2d913644763b53196cfd2597f21b9739535ef9d5bf9250b9fa21ed223fc29e3\necho $?\n1\n```\n\n### Example 3\nTerrier is instructed to analyze and verify the contents of the container's merged contents located at \"merged\" where merged is possibly located at ```/var/lib/docker/overlay2/..../merged ```.\nAn example YAML file for this scenario might look like this:\n```\nmode: container\nverbose: true\n# veryverbose: true\n# image: latestgo13.tar\npath: merged\n\nfiles:\n  - name: '/usr/local/bin/analysis.sh'\n    hashes:\n       - hash: '9adc0bf7362bb66b98005aebec36691a62c80d54755e361788c776367d11b105'\n  - name: '/usr/local/go/bin/go'\n    hashes:\n       - hash: '23afbfab4f35ac90d9841a6e05f0d1487b6e0c3a914ea8dab3676c6dde612495'\n  - name: '/usr/local/bin/staticcheck'\n    hashes:\n       - hash: '73f89162bacda8dd2354021dc56dc2f3dba136e873e372312843cd895dde24a2'\n  - name: '/usr/local/bin/gosec'\n    hashes:\n       - hash: 'e7cb8304e032ccde8e342a7f85ba0ba5cb0b8383a09a77ca282793ad7e9f8c1f'\n  - name: '/usr/local/bin/errcheck'\n    hashes:\n       - hash: '41f725d7a872cad4ce1f403938937822572e0a38a51e8a1b29707f5884a2f0d7'\n  - name: '/var/lib/dpkg/info/apt.postrm'\n    hashes:\n       - hash: '6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c'\n```\nRunning Terrier to analyse the running Container.\n\n```\n[+] Loading config: cfg.yml\n[+] Analysing Container\n[!] Found matching instance of '/usr/local/bin/analysis.sh' at: merged/usr/local/bin/analysis.sh with hash:9adc0bf7362bb66b98005aebec36691a62c80d54755e361788c776367d11b105\n[!] Found matching instance of '/usr/local/bin/errcheck' at: merged/usr/local/bin/errcheck with hash:41f725d7a872cad4ce1f403938937822572e0a38a51e8a1b29707f5884a2f0d7\n[!] Found matching instance of '/usr/local/bin/gosec' at: merged/usr/local/bin/gosec with hash:e7cb8304e032ccde8e342a7f85ba0ba5cb0b8383a09a77ca282793ad7e9f8c1f\n[!] Found matching instance of '/usr/local/bin/staticcheck' at: merged/usr/local/bin/staticcheck with hash:73f89162bacda8dd2354021dc56dc2f3dba136e873e372312843cd895dde24a2\n[!] Found matching instance of '/usr/local/go/bin/go' at: merged/usr/local/go/bin/go with hash:23afbfab4f35ac90d9841a6e05f0d1487b6e0c3a914ea8dab3676c6dde612495\n[!] Found matching instance of '/var/lib/dpkg/info/apt.postrm' at: merged/var/lib/dpkg/info/apt.postrm with hash:6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c\n[!] All components were identified and verified: (6/6)\n```\n \n # Integrating with CI\n Terrier has been designed to assist in the prevention of supply chain attacks. To utilise Terrier with CI's such as Github actions or CircleCI, the following example configurations might be useful.\n  \n ## CircleCI Example\n config.yml\n ```\nversion: 2\njobs:\n build:\n   machine: true\n   steps:\n     - checkout\n     - run:\n        name: Build Docker Image\n        command: |\n              docker build -t builditall .\n     - run:\n        name: Save Docker Image Locally\n        command: |\n              docker save builditall -o builditall.tar\n     - run:\n        name: Verify Docker Image Binaries\n        command: |\n              ./terrier_linux_amd64\n ```\n   Terrier cfg.yml\n   ```\n   mode:image\n   image: builditall.tar\nfiles:\n  - name: '/bin/wget'\n    hashes:\n      - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521f'\n      - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2a'\n      - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41a'\n  - name: '/sbin/sulogin'\n    hashes:\n      - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96aaa'\n   ```\n   \n   \n   \n  ## Github Actions Example\n  go.yml\n  ```\n  name: Go\non: [push]\njobs:\n  build:\n    name: Build\n    runs-on: ubuntu-latest\n    steps:\n\n    - name: Get Code\n      uses: actions/checkout@master\n    - name: Build Docker Image\n      run: |\n        docker build -t builditall .\n    - name: Save Docker Image Locally\n      run: |\n        docker save builditall -o builditall.tar\n    - name: Verify Docker Image Binaries\n      run: |\n        ./terrier_linux_amd64\n  ```\n\nTerrier cfg.yml\n   ```\nmode: image\nimage: builditall.tar\nfiles:\n  - name: '/bin/wget'\n    hashes:\n      - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521f'\n      - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2a'\n      - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41a'\n  - name: '/bin/sbin/sulogin'\n    hashes:\n      - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96aaa'\n   ```\n # Converting SHASUM 256 Hashes to a Terrier Config File\n Sometimes the source of SHA256 hashes is produced from other tools in the following format:\n\n ```\n 6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c  ./var/lib/dpkg/info/apt.postrm\n6374f7996297a6933c9ccae7eecc506a14c85112bf1984c12da1f975dab573b2  ./var/lib/dpkg/info/mawk.postinst\nfd72e78277680d02dcdb5d898fc9e3fed00bf011ccf31deee0f9e5f4cf299055  ./var/lib/dpkg/info/lsb-base.preinst\nfd72e78277680d02dcdb5d898fc9e3fed00bf011ccf31deee0f9e5f4cf299055  ./var/lib/dpkg/info/lsb-base.postrm\n8a278d8f860ef64ae49a2d3099b698c79dd5184db154fdeaea1bc7544c2135df  ./var/lib/dpkg/info/debconf.postrm\n1e6edefb6be6eb6fe8dd60ece5544938197b2d1d38a2d4957c069661bc2591cd  ./var/lib/dpkg/info/base-files.prerm\n198c13dfc6e7ae170b48bb5b997793f5b25541f6e998edaec6e9812bc002915f  ./var/lib/dpkg/info/passwd.postinst\n ```\n\n The format above contains the data we need for Terrier but is in the wrong format. We have included a script called ```convertSHA.sh``` which can be used to convert a file with the file paths and hash values as seen above into a valid Terrier config file. \n\n This can be seen in the following example:\n\n ```\n # cat hashes-SHA256.txt\n 6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c  ./var/lib/dpkg/info/apt.postrm\n6374f7996297a6933c9ccae7eecc506a14c85112bf1984c12da1f975dab573b2  ./var/lib/dpkg/info/mawk.postinst\nfd72e78277680d02dcdb5d898fc9e3fed00bf011ccf31deee0f9e5f4cf299055  ./var/lib/dpkg/info/lsb-base.preinst\nfd72e78277680d02dcdb5d898fc9e3fed00bf011ccf31deee0f9e5f4cf299055  ./var/lib/dpkg/info/lsb-base.postrm\n8a278d8f860ef64ae49a2d3099b698c79dd5184db154fdeaea1bc7544c2135df  ./var/lib/dpkg/info/debconf.postrm\n1e6edefb6be6eb6fe8dd60ece5544938197b2d1d38a2d4957c069661bc2591cd  ./var/lib/dpkg/info/base-files.prerm\n198c13dfc6e7ae170b48bb5b997793f5b25541f6e998edaec6e9812bc002915f  ./var/lib/dpkg/info/passwd.postinst\n\n# ./convertSHA.sh hashes-SHA256.txt output.yml\nConverting hashes-SHA256.txt to Terrier YML: output.yml\n\n# cat output.yml\nmode: image\n#mode: container\nimage: image.tar\n#path: path/to/container/merged\n#verbose: true\n#veryverbose: true\nfiles:\n  - name: '/var/lib/dpkg/info/apt.postrm'\n    hashes:\n       - hash: '6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c'\n  - name: '/var/lib/dpkg/info/mawk.postinst'\n    hashes:\n       - hash: '6374f7996297a6933c9ccae7eecc506a14c85112bf1984c12da1f975dab573b2'\n\n ```\n\n","funding_links":[],"categories":["Go","Go (531)","Security"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheroku%2Fterrier","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fheroku%2Fterrier","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheroku%2Fterrier/lists"}