Tools to create and expose a database of purls (Package URLs). This project is sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and by nexB for https://www.aboutcode.org/. Chat is at https://gitter.im/aboutcode-org/discuss
We need to find, scan and index the source package of a distro package found in a container.
Why? The binaries most often have sketchy origin and license data.
Some specific issues for specific distros (more to add):