-
Bombon generates Package URLs, such as these:
```
pkg:nix/glibc@2.39
```
As far as I can see, there is no CVE data source for these PURLs. Is there any advice on how to handle these for vulner…
-
We want to have a service that allows users to create public & private PURLs, similar to a URL shortener. These would be available at https://url.obl.ong/domain/linkname
https://en.wikipedia.org/wi…
-
```
Register knowledgeblog.org with purl.org. Would be good to understand
whether we can use a partial redirect rule for all of kblog, or whether we need
one per subdomain.
```
Original issue re…
-
**Is your feature request related to a problem? Please describe.**
Recently you added new parsing for the purls that should work to create the right purls correctly.
**Describe the solution you'd …
-
**What happened**:
Syft has started to hard-code some groupIds for maven artefacts which leads to misleading PURLs when related artefacts are used as embedded instrumentation JARs.
Ultimately t…
-
Valid SBOMs can have a range of issues; missing pURLs, missing or invalid licenses, or just 'garbage' data. Ingesting such SBOMs can often lead to surprising results which we should minimally at least…
-
It appears we are missing an important part of the PURL spec, `type`, as can be seen below.
![image](https://github.com/SoftwareDesignLab/nvip-crawler/assets/60295839/cf2cebca-46d9-44ef-bf9e-f688e38c…
-
Given detected, uploaded, inspected or resolved packages, I would like to have a way to "enrich" the packages with the PurlDB data. This would imply:
- getting enhanced package data from the PurlDB…
-
Hi,
In the case where one of the PURLs in a batch is malformed, the querybatch returns a 400 for the entire batch without specifying which PURL(s) were malformed. Would it be possible to either:
…
-
A commonly noted problem with using HTTPS identifiers for ActivityPub is that some social network providers don't allow users to bring their own domain. So when the provider stops, offering service, t…
evanp updated
1 month ago