How to use the tern.formats.spdx.formats function in tern
To help you get started, we’ve selected a few tern examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
vmware / tern / tern / formats / spdx / spdxtagvalue / generator.py View on Github 
def get_document_namespace(image_obj):
'''Given the image object, return a unique SPDX document uri.
This is a combination of the human readable id from the image
object and the tool name'''
return spdx_formats.document_namespace.format(
image_id=image_obj.get_human_readable_id(),
version=get_git_rev_or_version()[1])def get_package_comment(origins):
'''Return a PackageComment tag-value text block for a list of
NoticeOrigin objects'''
comment = ''
if origins:
for notice_origin in origins:
comment = comment + content.print_notices(
notice_origin, '', '\t')
return spdx_formats.package_comment.format(comment=comment)
return commentdef get_document_block(image_obj):
'''Return document related SPDX tag-values'''
block = spdx_formats.spdx_version + '\n'
block = block + spdx_formats.data_license + '\n'
block = block + spdx_formats.spdx_id + '\n'
block = block + spdx_formats.document_name.format(
image_name=image_obj.get_human_readable_id()) + '\n'
block = block + get_document_namespace(image_obj) + '\n'
block = block + spdx_formats.license_list_version + '\n'
block = block + spdx_formats.creator.format(
version=get_git_rev_or_version()[1]) + '\n'
block = block + spdx_formats.created.format(
timestamp=datetime.datetime.utcnow().strftime(
"%Y-%m-%dT%H:%M:%SZ")) + '\n'
block = block + spdx_formats.document_comment + '\n'
return blockdef get_layer_relationships(layer_obj, prev_layer_spdxref=None):
'''Given the layer object, return the relationships of the layer
objects to packages and to the previous layer'''
block = ''
layer_reference = get_layer_spdxref(layer_obj)
if prev_layer_spdxref:
block = block + spdx_formats.prereq.format(
after=layer_reference, before=prev_layer_spdxref) + '\n'
for package in layer_obj.packages:
block = block + spdx_formats.contains.format(
outer=layer_reference, inner=get_package_spdxref(package)) + '\n'
return blockdef get_document_block(image_obj):
'''Return document related SPDX tag-values'''
block = spdx_formats.spdx_version + '\n'
block = block + spdx_formats.data_license + '\n'
block = block + spdx_formats.spdx_id + '\n'
block = block + spdx_formats.document_name.format(
image_name=image_obj.get_human_readable_id()) + '\n'
block = block + get_document_namespace(image_obj) + '\n'
block = block + spdx_formats.license_list_version + '\n'
block = block + spdx_formats.creator.format(
version=get_git_rev_or_version()[1]) + '\n'
block = block + spdx_formats.created.format(
timestamp=datetime.datetime.utcnow().strftime(
"%Y-%m-%dT%H:%M:%SZ")) + '\n'
block = block + spdx_formats.document_comment + '\n'
return blockdef get_package_spdxref(package_obj):
'''Given the package object, return an SPDX reference ID'''
return 'SPDXRef-{}'.format(
spdx_formats.package_id.format(
name=package_obj.name,
ver=package_obj.version).replace(':', '-', 1))def get_document_block(image_obj):
'''Return document related SPDX tag-values'''
block = spdx_formats.spdx_version + '\n'
block = block + spdx_formats.data_license + '\n'
block = block + spdx_formats.spdx_id + '\n'
block = block + spdx_formats.document_name.format(
image_name=image_obj.get_human_readable_id()) + '\n'
block = block + get_document_namespace(image_obj) + '\n'
block = block + spdx_formats.license_list_version + '\n'
block = block + spdx_formats.creator.format(
version=get_git_rev_or_version()[1]) + '\n'
block = block + spdx_formats.created.format(
timestamp=datetime.datetime.utcnow().strftime(
"%Y-%m-%dT%H:%M:%SZ")) + '\n'
block = block + spdx_formats.document_comment + '\n'
return block# Add the package part for each package
# There are no relationships to be listed here
for layer_obj in image_obj.layers:
for package_obj in layer_obj.packages:
package_dict = package_obj.to_dict(template)
# update the PackageLicenseDeclared with a LicenseRef string
# only if the license data exists
if ('PackageLicenseDeclared' in package_dict.keys() and
package_obj.pkg_license):
package_dict['PackageLicenseDeclared'] = \
get_license_ref(package_obj.pkg_license)
if ('PackageCopyrightText' in package_dict.keys() and
package_obj.copyright):
package_dict['PackageCopyrightText'] = \
spdx_formats.block_text.format(
message=package_obj.copyright)
# collect all the individual licenses
if package_obj.pkg_license and package_obj.pkg_license \
not in licenses_found:
licenses_found.append(package_obj.pkg_license)
report = report + get_main_block(
package_dict,
package_obj.origins.origins,
SPDXID=get_package_spdxref(package_obj),
PackageLicenseConcluded='NOASSERTION',
FilesAnalyzed='false') + '\n'
return report + get_license_block(licenses_found)def get_document_block(image_obj):
'''Return document related SPDX tag-values'''
block = spdx_formats.spdx_version + '\n'
block = block + spdx_formats.data_license + '\n'
block = block + spdx_formats.spdx_id + '\n'
block = block + spdx_formats.document_name.format(
image_name=image_obj.get_human_readable_id()) + '\n'
block = block + get_document_namespace(image_obj) + '\n'
block = block + spdx_formats.license_list_version + '\n'
block = block + spdx_formats.creator.format(
version=get_git_rev_or_version()[1]) + '\n'
block = block + spdx_formats.created.format(
timestamp=datetime.datetime.utcnow().strftime(
"%Y-%m-%dT%H:%M:%SZ")) + '\n'
block = block + spdx_formats.document_comment + '\n'
return blockdef get_document_block(image_obj):
'''Return document related SPDX tag-values'''
block = spdx_formats.spdx_version + '\n'
block = block + spdx_formats.data_license + '\n'
block = block + spdx_formats.spdx_id + '\n'
block = block + spdx_formats.document_name.format(
image_name=image_obj.get_human_readable_id()) + '\n'
block = block + get_document_namespace(image_obj) + '\n'
block = block + spdx_formats.license_list_version + '\n'
block = block + spdx_formats.creator.format(
version=get_git_rev_or_version()[1]) + '\n'
block = block + spdx_formats.created.format(
timestamp=datetime.datetime.utcnow().strftime(
"%Y-%m-%dT%H:%M:%SZ")) + '\n'
block = block + spdx_formats.document_comment + '\n'
return blocktern
An inspection tool to find the OSS compliance metadata of the packages installed in a container image.
Package Health Score
59 / 100Popular tern functions
- tern.analyze.common
- tern.classes.notice.Notice
- tern.classes.package.Package
- tern.command_lib.command_lib
- tern.command_lib.command_lib.get_base_listing
- tern.command_lib.command_lib.get_pkg_attr_list
- tern.formats.spdx.formats
- tern.report.errors
- tern.report.errors.no_listing_for_base_key.format
- tern.report.formats
- tern.utils.constants
- tern.utils.constants.logger_name
- tern.utils.constants.shell
- tern.utils.general
- tern.utils.general.get_git_rev_or_version
- tern.utils.rootfs
- tern.utils.rootfs.get_working_dir
- tern.utils.rootfs.mount_base_layer
- tern.utils.rootfs.prep_rootfs
- tern.utils.rootfs.undo_mount