
Tern: Soaring Through Container Images

Josh Long interviews Nisha Kumar and Rose Judge on Project Tern

Nisha Kumar (@NishaKMR) and Rose Judge (@RoseJudge5) spent time with Josh Long talking about the Tern project and how it contributes to the container community. 

Tern is a VMware-originated open source tool that gathers metadata for the packages installed in a container and produces a Software Bill of Materials (SBoM) for that image. Tern can help a user find information about the contents of a container, layer by layer, without requiring the user to have in-depth technical knowledge about how the container was built. Nisha and Rose talk about what drew them to this project and how they believe it is contributing to the open source community. The project has been donated to the Linux Foundation and is enabled for as many users as possible.

The Arctic Tern is a bird with one of the longest migration paths, flying from the North Pole to the South Pole and back. In the same way, the Tern software moves from top to bottom through the layers of your container.

Josh talks about examples of projects that have thousands of lines of code within containers and how he finds immediate value in having an automatic way of inspecting the embedded code for compliance. He also wonders what issues he may have invited into his code by not having an inspection listing of all of his code to date.

https://spring.io/blog/2020/06/19/a-bootiful-podcast-nisha-kumar-and-rose-judge-on-the-linux-foundation-s-project-tern 

More detailed conversation ensues about how the growing container community will benefit from technologies such as these. Tern is agnostic, providing full power to the person who is interpreting the SBoM to determine what is appropriate to be in the container. If unlicensed code is found, it is up to the user to determine whether that code should continue to be included or replaced. 

Together with Nisha and Rose, Josh covers a number of examples and makes suggestions for potential expansion of the project in the future. Nisha and Rose both cover their backgrounds and what sparked their interest in this project. Additionally, Rose introduces the two Tern interns who will be working on the project as part of Google’s Summer of Code.

Listen to the full podcast for an enlightening exchange with the Tern maintainers and to hear more about what you can expect to see from this project in the near future.