tern VS spdx-spec

Compare tern vs spdx-spec and see what are their differences.

tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more. (by tern-tools)
Python Containers oss-compliance sbom Docker Compliance spdx Tool Dependencies software-composition-analysis risk-management open-source supply-chain-security metadata-extraction
Source Code
Suggest alternative
Edit details

spdx-spec

The SPDX specification in MarkDown and HTML formats. (by spdx)
spdx Specification software-package-data-exchange Licenses linux-foundation
Source Code
spdx.github.io
Suggest alternative
Edit details
WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors
tern spdx-spec
1 4
932 268
0.5% 5.2%
3.2 4.7
about 2 months ago 3 days ago
Python Python
BSD 2-clause "Simplified" License GNU General Public License v3.0 or later
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

tern

Posts with mentions or reviews of tern. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-06-30.
  • Learn by reading code: Python standard library design decisions explained
    4 projects | news.ycombinator.com | 30 Jun 2021
    A project you may want to look into adding is Tern [0]. I've had a good time reading through the code over the past couple of weeks, and have found it to be at least not "bad" code, and pretty easy to understand.

    Specifically how they are untarring each container layer and creating a chroot jail to run commands inside is fairly self-contained and interesting.

    [0] https://github.com/tern-tools/tern

spdx-spec

Posts with mentions or reviews of spdx-spec. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-09-10.

What are some alternatives?

When comparing tern and spdx-spec you can also consider the following projects:

ort - A suite of tools to automate software compliance checks.

syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems

awesome-security-GRC - Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).

PNG-spec - Maintenance of the PNG specification

cdxgen - Creates CycloneDX Software Bill of Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962

beacon-APIs - Collection of RESTful APIs provided by Ethereum Beacon nodes

goodcode - A curated collection of annotated code examples from prominent open-source projects

activitystreams - Activity Streams 2.0

import-linter - Import Linter allows you to define and enforce rules for the internal and external imports within your Python project.

spdx-license-matcher - A tool to match license text with SPDX license list using a an algorithm with finds close matches. It follows SPDX Matching guidelines to keep the substantial text as well as ignore the replaceable text for matching purposes.

Licenses Library - Lightweight Android library which provides most common licenses in formatted and plain text

tern vs ort spdx-spec vs syft tern vs awesome-security-GRC spdx-spec vs PNG-spec tern vs cdxgen spdx-spec vs beacon-APIs tern vs goodcode spdx-spec vs activitystreams tern vs import-linter spdx-spec vs ort tern vs spdx-license-matcher spdx-spec vs Licenses Library