CycloneDX / cyclonedx-cocoapods

Creates CycloneDX Software Bill-of-Materials (SBOM) from Objective-C and Swift projects that use CocoaPods.
Apache License 2.0

Add repository_url to purl for internal pods #3

Status: Closed (macblazer closed this issue 3 years ago)

macblazer commented 3 years ago

To better identify internally developed and hosted CocoaPods, the purl element should have a repository_url parameter added to it when the pod is not from the main CocoaPods git repo or CDN.

repository_url is explained with a couple examples on this page: https://github.com/package-url/purl-spec

The main CocoaPods repositories are https://github.com/CocoaPods/Specs.git and https://cdn.cocoapods.org/.

stevespringett commented 3 years ago

Related to https://github.com/package-url/purl-spec/issues/103
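
The rule proposed in the opening comment, sketched as an added Ruby example; it is not part of the thread and not code from cyclonedx-cocoapods. The function names, the sample pods and the handling of the `trunk` label are assumptions, only root pod names are covered, and userinfo is stripped from the source URL so that credentials embedded in a private spec-repo URL are not copied into the SBOM.

```ruby
# Added example, not code from cyclonedx-cocoapods.
# Main CocoaPods sources named in the issue. "trunk" is assumed to be the
# label a Podfile.lock uses for the CDN source.
MAIN_SOURCES = [
  'https://github.com/cocoapods/specs.git',
  'https://cdn.cocoapods.org',
  'trunk'
].freeze

# Lower-case and drop trailing slashes so equivalent spellings compare equal.
def normalize_source(source)
  source.to_s.strip.downcase.sub(%r{/+\z}, '')
end

# Remove "user:password@" userinfo from scheme://user:password@host/... URLs.
def strip_credentials(url)
  url.sub(%r{\A([a-z][a-z0-9+.-]*://)[^/@]*@}i, '\1')
end

# Percent-encode every byte outside the RFC 3986 unreserved set.
def purl_encode(value)
  value.gsub(/[^A-Za-z0-9._~-]/) do |char|
    char.bytes.map { |byte| format('%%%02X', byte) }.join
  end
end

# True when the pod comes from one of the main CocoaPods sources.
def main_source?(source)
  MAIN_SOURCES.include?(normalize_source(strip_credentials(source)))
end

# Build the purl; repository_url is added only for non-main sources.
# A nil source (origin unknown) yields a purl without the qualifier.
def pod_purl(name, version, source = nil)
  purl = "pkg:cocoapods/#{purl_encode(name)}@#{purl_encode(version)}"
  return purl if source.nil? || main_source?(source)

  "#{purl}?repository_url=#{purl_encode(strip_credentials(source.strip))}"
end

# Constructed sample pods: one public, one from an internal spec repo.
if __FILE__ == $PROGRAM_NAME
  puts pod_purl('Alamofire', '5.4.3', 'https://cdn.cocoapods.org/')
  puts pod_purl('InternalKit', '1.2.0',
                'https://build:s3cret@git.example.com/ios/specs.git')
end
```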