This summer, Tern participated in its first Google Summer of Code (GSoC) under the Python Software Foundation (PSF) organization. GSoC is a global program that aims to increase student participation in open source software development. The program officially runs from June to August but GSoC interns are often involved with the projects long before that. Tern is a VMware-originated open source project that aims to make container compliance easier. In 2018, Tern was donated to the Linux Foundation and currently sits under the Linux Foundation Automated Compliance Tooling umbrella. The project is co-maintained by Nisha Kumar and me, Rose Judge. Nisha and I are Open Source Engineers at VMware’s Open Source Technology Center.
Before participating as a GSoC intern in any official capacity, students apply to the projects they are interested in. To apply, they submit proposals of tasks they hope to complete over the summer (like features or bug fixes) and an outline of the schedule they will follow to complete them. Tern had two student interns this summer, Junlai Wang and Abhay Katheria. Junlai is in his first year of postgraduate study in Signal Processing at Beihang University in Beijing, China, and Abhay is in his second year of undergraduate study in Computer Science at MNNIT Allahabad in Allahabad, India.
Prior to submitting GSoC applications to Tern, both students had been active members of the Tern community and had already contributed code to the project. The GSoC summer program is broken out into three different evaluation periods. At each checkpoint, students must be on track to finish their proposed projects in order to pass the evaluation period. An additional requirement for PSF interns is to write a weekly blog that tracks student progress. You can follow along with Junlai and Abhay on their journeys.
Throughout the summer, Nisha and I would meet weekly with interns over Zoom and discuss their progress for the week as well as any issues they were having in their development process. We also communicated frequently on Slack. The check-ins gave us a chance to review any pull requests the interns had opened and discuss the best way to implement what they were working on.
The focus for each intern varied slightly this summer, but both students were responsible for adding new features to Tern.
Abhay first worked on creating an HTML report format for Tern. The HTML reporting format was designed to give users a way to view output reports in an interactive, user-friendly web page instead of parsing through JSON reports from a text file. Abhay then moved on to enabling the collection of package information from language package managers (specifically npm, pip and golang) during analysis. Prior to his work this summer, the Tern project supported most operating system package managers but had no support for language package managers. Thanks to Abhay’s work, Tern can now collect package/module information for Node, Python and Golang packages. This greatly increases the amount of package metadata that Tern can collect in a container and provide to the user in the output report.
“When I made my first contribution, I knew very little about writing production-ready code. Rose and Nisha taught me how to write readable code, comments and proper commit messages in a professional and informative way. I learned advanced Python libraries like subprocess, regex, docker, etc. I also learned how plugins in Python work, about CI/CD, the packaging of golang modules, docker and shell scripting. It was a real learning experience for me.”
– Abhay Katheria, Tern Summer Intern
Junlai also focused on two different features this summer. His first task focused on significantly improving Tern’s native parsing ability for RUN commands using the shlex library. Tern relies on the parsing of Dockerfile RUN commands to detect layers in a container where software is being installed. Once detected, Tern attempts to report on the metadata of the software being installed. The second feature Junlai implemented was enabling Tern to analyze multistage Dockerfiles. Multistage building is a mechanism in Docker used to create multiple intermediate images from the same Dockerfile. (Note from the Tern maintainers: While it is true that multistage builds can reduce the number of Dockerfiles and potential build scripts you have to maintain, they can also make it extremely difficult to track artifacts, sources and dependencies from intermediate build stages – use with caution!) Adding the ability to analyze multistage Dockerfiles is a significant improvement to Tern’s image analysis capabilities.
“This is the first time that I’ve participated in an open source project. During my time working with the project, I have learned that communication is very important. We have weekly meetings to discuss my progress and plan for the next week. My mentors gave me lots of advice and I would send my feedback. In the aspect of coding, I have learned the following: 1) Try to break the big issue into small and separate ones. This will be helpful for review and clarity. 2) Take down notes on your progress. 3) Good comments will improve the logic of code and help others to understand your code. Overall, I have spent a great summer with the Tern team.”
– Junlai Wang, Tern Summer Intern
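The RUN-command parsing and multistage analysis described above, as an added sketch that is not Tern's own code: it uses `shlex` to split shell-form RUN lines at shell operators, flags install commands, and records which stage each one belongs to. The Dockerfile is constructed, and `split_commands`, `analyze` and the `INSTALLERS` table are hypothetical names chosen for this illustration.

```python
import shlex

# Constructed sample: a two-stage Dockerfile (not taken from the Tern project).
SAMPLE = """\
FROM golang:1.14 AS build
RUN apt-get update && apt-get install -y git ca-certificates \\
    && go get github.com/example/tool
FROM alpine:3.12
COPY --from=build /go/bin/tool /usr/local/bin/tool
RUN apk add --no-cache curl; echo "done && dusted"
"""

# Illustrative (binary, subcommand) pairs treated as software installs.
INSTALLERS = {("apt-get", "install"), ("apk", "add"), ("yum", "install"),
              ("pip", "install"), ("npm", "install"), ("go", "get")}
OPERATORS = {"&&", "||", ";", "|"}

def split_commands(run_body):
    """Split a shell-form RUN body into argv lists at shell control operators."""
    lexer = shlex.shlex(run_body, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # keep tokens such as pkg@1.0 in one piece
    commands, current = [], []
    for token in lexer:
        if token in OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    return commands + ([current] if current else [])

def analyze(dockerfile):
    """Return one record per build stage: base image, installs, COPY --from sources."""
    stages = []
    for line in dockerfile.replace("\\\n", " ").splitlines():  # join continuations
        instruction, _, body = line.strip().partition(" ")
        instruction = instruction.upper()
        if instruction == "FROM" and body:
            words = [w for w in body.split() if not w.startswith("--")]
            name = words[2] if len(words) == 3 and words[1].upper() == "AS" else None
            stages.append({"base": words[0], "name": name, "installs": [], "copies_from": []})
        elif instruction == "RUN" and stages:
            for argv in split_commands(body):
                if tuple(argv[:2]) in INSTALLERS:
                    packages = [a for a in argv[2:] if not a.startswith("-")]
                    stages[-1]["installs"].append((argv[0], packages))
        elif instruction == "COPY" and stages:
            stages[-1]["copies_from"] += [w[7:] for w in body.split() if w.startswith("--from=")]
    return stages
```

Calling `analyze(SAMPLE)` attributes the `apt-get` and `go get` installs to the `build` stage and shows the final stage copying from it, which is the cross-stage link the maintainers' note says is hard to track.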
On a personal note, the best part of mentoring this summer was getting to watch the students grow into competent open source contributors. Before they were brought aboard as official interns, they were opening PRs and fixing smaller issues, but by the end of the summer they were thinking at a higher level and were able to consider different design decisions for the way they wanted to implement their features. One of my favorite parts about participating in GSoC is the community it has fostered around Tern. Even though Abhay and Junlai are located across the globe, we were still able to work together to significantly improve Tern’s feature set, which is what open source is all about. I consider GSoC to be a valuable experience and one I feel benefited not only the Tern project, but also the mentors and interns. I look forward to working on more advanced features for Tern with Abhay and Junlai as their skills expand. Tern will most certainly benefit from future participation in the Google Summer of Code.