https://github.com/philips-labs/tern-action

GitHub Action to perform a docker scan with VMWARE tern
https://github.com/philips-labs/tern-action

sbom software-bill-of-materials

Last synced: 5 months ago
JSON representation

GitHub Action to perform a docker scan with VMWARE tern

• Host: GitHub
• URL: https://github.com/philips-labs/tern-action
• Owner: philips-labs
• License: mit
• Created: 2020-05-12T15:51:45.000Z (over 5 years ago)
• Default Branch: main
• Last Pushed: 2023-07-18T22:09:22.000Z (about 2 years ago)
• Last Synced: 2025-04-30T06:07:36.929Z (5 months ago)
• Topics: sbom, software-bill-of-materials
• Language: TypeScript
• Homepage:
• Size: 867 KB
• Stars: 8
• Watchers: 1
• Forks: 3
• Open Issues: 9
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

          


# GitHub Action to VMWARE's tern!

[![Marketplace](https://img.shields.io/badge/GitHub-Marketplace-green.svg)](https://github.com/marketplace/actions/tern) [![Release](https://img.shields.io/github/release/philips-labs/tern-action.svg)](https://github.com/philips-labs/tern-action/releases) ![.github/workflows/lint.yml](https://github.com/philips-labs/tern-action/workflows/.github/workflows/lint.yml/badge.svg)

This Action wraps [`tern`](https://github.com/tern-tools/tern) allowing scanning of your docker images!



## Contents

- [Inputs](#inputs)

- [Environment Variables](#environment-variables)

- [Example Usage](#example-usage)

    - [Vanilla](#vanilla)

- [License](#license)

## Inputs

### `image`

**Required** docker image to scan. Example: `alpine:latest` 

### `format`

Output format. Can be either: `json`, `html`, `spdxtagvalue`, `spdxjson`, `yaml` or `human`

**Optional** defaults to `json`

### `output`

**Optional** Name of the output file. Defaults to `tern.`

## Outputs

### `output`

output JSON string

### `file`

output JSON file.

## Environment Variables

## Example Usage

### Vanilla

`tern` CLI will automatically scan your image`:

```yaml

name: build 

on: [push]

jobs:

  scan:

    runs-on: ubuntu-latest

    steps:

      - uses: philips-labs/tern-action@v1.1.0

        id: scan

        with:

          image: alpine:latest

          format: yaml

          output: alpine.yaml

      - uses: actions/upload-artifact@v2

        with:

          name: tern 

          path: ${{ steps.scan.outputs.file }} 

```

#### Examples

[example repo](https://github.com/JeroenKnoops/tern-action-examples)

### Contributors

[Thanks goes to these contributors](https://github.com/philips-labs/tern-action/graphs/contributors)!

## License

[MIT License](./LICENSE)