commit | 4f8f5f2d535fa78c6e9f91e4958b1a1b04fa22b1 | |
---|---|---|
author | Simon Mavi Stewart <simon_stewart@apple.com> | Fri May 17 11:39:27 2024 +0100 |
committer | Simon Mavi Stewart <simon_stewart@apple.com> | Fri May 17 11:39:27 2024 +0100 |
tree | 0744a90eb623fb18f5f726056c507b97a10a2ff6 | |
parent | bcffeb0c481d178cbee69bdc7e23ef22d3a087b1 | |
Add `purl` to the `PackageInfo` provider

A purl is a URL string used to identify and locate a software package in a mostly universal and uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases. The most relevant usage is within a CycloneDX-format SBOM, as documented here: https://cyclonedx.org/docs/1.6/json/#components_items_purl

There is not enough information in the existing `PackageInfo` to successfully construct a valid pURL, so adding this here avoids any possible ambiguity.
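The purl shape the commit message refers to, as an added Python example (not the repository's own Starlark code): a canonical purl builder following the purl spec's `pkg:type/namespace/name@version?qualifiers#subpath` layout, plus a CycloneDX component entry built from a constructed `PackageInfo`-like dict whose field names (`type`, `namespace`, `name`, `version`) are assumptions.

```python
"""Build canonical purls and embed them in CycloneDX component entries."""
from urllib.parse import quote


def build_purl(type_, name, namespace=None, version=None, qualifiers=None, subpath=None):
    """Return pkg:type/namespace/name@version?qualifiers#subpath, percent-encoded per the purl spec."""
    if not type_ or not name:
        raise ValueError("a purl needs at least a type and a name")
    parts = ["pkg:", type_.lower(), "/"]
    if namespace:
        # A namespace may hold several '/'-separated segments; each is encoded on its own,
        # so an npm scope such as '@angular' becomes '%40angular'.
        segs = [quote(s, safe="") for s in namespace.strip("/").split("/") if s]
        parts.append("/".join(segs) + "/")
    parts.append(quote(name, safe=""))
    if version:
        parts.append("@" + quote(version, safe=""))
    if qualifiers:
        # Keys are lowercased and sorted so the same package always yields the same string;
        # ':' and '/' stay unencoded in values (e.g. repository URLs), other reserved chars do not.
        pairs = sorted((k.lower(), v) for k, v in qualifiers.items() if v)
        parts.append("?" + "&".join(f"{k}={quote(v, safe=':/')}" for k, v in pairs))
    if subpath:
        # Drop empty, '.' and '..' segments so a subpath cannot escape the package root.
        segs = [s for s in subpath.strip("/").split("/") if s not in ("", ".", "..")]
        parts.append("#" + "/".join(quote(s, safe="") for s in segs))
    return "".join(parts)


def cyclonedx_component(pkg, qualifiers=None):
    """Translate a constructed PackageInfo-like dict into a CycloneDX 'components' entry."""
    purl = build_purl(pkg["type"], pkg["name"], pkg.get("namespace"), pkg.get("version"), qualifiers)
    component = {"type": "library", "name": pkg["name"], "purl": purl}
    if pkg.get("namespace"):
        component["group"] = pkg["namespace"]
    if pkg.get("version"):
        component["version"] = pkg["version"]
    return component


if __name__ == "__main__":
    # Constructed sample: the same short name 'io' under two namespaces gives two distinct purls.
    for ns in ("org.apache.commons", "org.example"):
        print(cyclonedx_component({"type": "maven", "namespace": ns, "name": "io", "version": "1.3.4"}))
```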
This repository contains a set of rules and tools for
WARNING: The code here is still in active initial development and will churn a lot.
If you want to follow along:
Last update: October 22, 2023
Performance improvements
Sub-SBOMs for tools
TBD
These are for learning about the problem space, and our approach to solutions. Concrete specifications will always appear in checked in code rather than documents.