Integrate Tern with Vulnetix. Generate CycloneDX or SPDX SBOMs from container images with Tern and upload to Vulnetix for supply chain security analysis.
Python | CLI tool | CycloneDX | SPDX | JSON
Install & scan
# Recommended — run without global install
$ uv run --with tern tern --version
# Or install globally
$ pip install tern
$ uv run --with tern tern report -f cyclonedxjson -i myimage:latest
Run Tern in CI
Scan on every push and upload the results to Vulnetix:
- name: Generate SBOM with Tern
  run: uv run --with tern tern report -f cyclonedxjson -i myapp:${{ github.sha }} > tern-sbom.cdx.json
- name: Upload to Vulnetix
  run: vulnetix upload --file tern-sbom.cdx.json
Centralise Tern results in Vulnetix
Upload Tern's CycloneDX, SPDX or JSON output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.