tern VS spdx-license-matcher

Compare tern vs spdx-license-matcher and see what are their differences.

tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more. (by tern-tools)
Python Containers oss-compliance sbom Docker Compliance spdx Tool Dependencies software-composition-analysis risk-management open-source supply-chain-security metadata-extraction
Source Code
Suggest alternative
Edit details

spdx-license-matcher

A tool to match license text with SPDX license list using a an algorithm with finds close matches. It follows SPDX Matching guidelines to keep the substantial text as well as ignore the replaceable text for matching purposes. (by spdx)
spdx license-matcher license-text license-compare
Source Code
Suggest alternative
Edit details
InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors
tern spdx-license-matcher
1 -
932 25
0.5% -
3.2 4.7
about 2 months ago 3 months ago
Python Python
BSD 2-clause "Simplified" License GNU General Public License v3.0 or later
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

tern

Posts with mentions or reviews of tern. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-06-30.
  • Learn by reading code: Python standard library design decisions explained
    4 projects | news.ycombinator.com | 30 Jun 2021
    A project you may want to look into adding is Tern [0]. I've had a good time reading through the code over the past couple of weeks, and have found it to be at least not "bad" code, and pretty easy to understand.

    Specifically how they are untarring each container layer and creating a chroot jail to run commands inside is fairly self-contained and interesting.

    [0] https://github.com/tern-tools/tern

spdx-license-matcher

Posts with mentions or reviews of spdx-license-matcher. We have used some of these posts to build our list of alternatives and similar projects.

We haven't tracked posts mentioning spdx-license-matcher yet.
Tracking mentions began in Dec 2020.

What are some alternatives?

When comparing tern and spdx-license-matcher you can also consider the following projects:

ort - A suite of tools to automate software compliance checks.

scancode-toolkit - :mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

awesome-security-GRC - Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).

cdxgen - Creates CycloneDX Software Bill of Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962

reuse-tool - reuse is a tool for compliance with the REUSE recommendations.

goodcode - A curated collection of annotated code examples from prominent open-source projects

spdx-spec - The SPDX specification in MarkDown and HTML formats.

import-linter - Import Linter allows you to define and enforce rules for the internal and external imports within your Python project.

deferred-import - Lazy import and install on demand Python packages

openRiskScore - A python framework for risk scoring

tern vs ort spdx-license-matcher vs scancode-toolkit tern vs awesome-security-GRC spdx-license-matcher vs ort tern vs cdxgen spdx-license-matcher vs reuse-tool tern vs goodcode tern vs spdx-spec tern vs import-linter tern vs deferred-import tern vs scancode-toolkit tern vs openRiskScore