Tern + Scancode #1827

- install Scancode in Tern container

sechub-pds-solutions/tern/docker/Tern-Debian.dockerfile

@@ -9,31 +9,20 @@ LABEL org.opencontainers.image.title="SecHub Tern+PDS Image"
 LABEL org.opencontainers.image.description="A container which combines Tern with the SecHub Product Delegation Server (PDS)"
 LABEL maintainer="SecHub FOSS Team"
 
-ARG TERN_VERSION="2.10.1"
+ARG TERN_VERSION="2.11.0"
+ARG SCANCODE_VERSION="31.2.1"
 
 # execute commands as root
 USER root
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get --quiet update && \
     apt-get --quiet --assume-yes upgrade && \
-    apt-get --quiet --assume-yes install wget \
-                                         attr \
-                                         jq \
-                                         skopeo \
-                                         python3-pip \
-                                         git \
-                                         bzip2 \
-                                         xz-utils \
-                                         zlib1g \ 
-                                         libxml2-dev \
-                                         libxslt1-dev \
-                                         libgomp1 \
-                                         libpopt0 && \
+    apt-get --quiet --assume-yes install wget attr jq skopeo python3-pip procps tar python3 python3-distutils python-dev git bzip2 xz-utils zlib1g libxml2-dev libxslt1-dev libgomp1 libpopt0 && \
     apt-get --quiet --assume-yes clean
 
 # Install Tern
-RUN pip install --no-warn-script-location "tern==$TERN_VERSION"
+RUN pip install --no-warn-script-location "tern==${TERN_VERSION}" "scancode-toolkit[full]==${SCANCODE_VERSION}"
 
 # Copy PDS configfile
 COPY pds-config.json "$PDS_FOLDER"/pds-config.json

sechub-pds-solutions/tern/docker/pds-config.json

@@ -1,19 +1,28 @@
 {
-    "apiVersion" : "1.0",
-    "serverId" : "TERN_CLUSTER", 
-
-    "products" : [
+    "apiVersion": "1.0",
+    "serverId": "TERN_CLUSTER",
+    "products": [
         {
-            "id" : "PDS_TERN",
-            "path" : "/scripts/tern.sh",
-            "scanType" : "licenseScan",
-            "description" : "Runs tern. Tern is a container analysis tool."
+            "id": "PDS_TERN",
+            "path": "/scripts/tern.sh",
+            "scanType": "licenseScan",
+            "description": "Runs tern. Tern is a container analysis tool.",
+            "minutesToWaitForProductResult": "660",
+            "parameters": {
+                "optional": [
+                    {
+                        "key": "scancode.activated",
+                        "description": "Activate scancode-toolkit while scanning.",
+                        "default": "false"
+                    }
+                ]
+            }
         },
         {
-            "id" : "PDS_TERN_MOCK",
-            "path" : "/scripts/tern_mock.sh",
-            "scanType" : "licenseScan",
-            "description" : "Runs tern. Tern is a container analysis tool."
+            "id": "PDS_TERN_MOCK",
+            "path": "/scripts/tern_mock.sh",
+            "scanType": "licenseScan",
+            "description": "Runs tern. Tern is a container analysis tool."
         }
     ]
-}
+}

sechub-pds-solutions/tern/docker/scripts/tern.sh

@@ -8,6 +8,8 @@ function log_step() {
     printf '\n>> %s\n' "$message"
 }
 
+options = ""
+
 if [[ "$PDS_JOB_HAS_EXTRACTED_BINARIES" == "true" ]]
 then
     log_step "Has extracted binaries"
@@ -50,8 +52,14 @@ then
     exit 3
 fi
 
+if [[ "$SCANCODE_ACTIVATED" == "true" ]]
+then
+    log_step "Activate scancode while scanning."
+    options+=" -x scancode "
+fi
+
 log_step "Starting Tern"
 echo "Analyzing: $tar_file"
 echo "Path: $tar_file_path"
 
-tern report -f spdxjson -w "$tar_file_path" -o "$PDS_JOB_RESULT_FILE"
+tern report -f spdxjson -w "$tar_file_path" -o "$PDS_JOB_RESULT_FILE" $options