Tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/. Chat is at https://gitter.im/aboutcode-org/discuss
We should add support for namespace/import/package/include matching.
For instance, we could index the provided packages and modules in Python, Ruby, Go, ... with the source-inspector https://github.com/nexB/source-inspector and store an index here in the PurlDB, pointing to the package. The packages would of course be scanned as usual for origin and license. Then the matching part would collect imports from the scanned codebase and match that in PurlDB and get the corresponding package details.
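The matching step proposed above, as an added example that is not part of the issue or of PurlDB's code: it collects imports from Python source with `ast` and resolves each one by longest dotted prefix against an index of provided modules. The index contents, the sample file and all function names are constructed for illustration.

```python
import ast

# Constructed index: dotted module path provided by a package -> purl.
# In the proposal this would come from source-inspector and live in PurlDB.
PROVIDED_MODULES = {
    "yaml": "pkg:pypi/pyyaml",
    "google.protobuf": "pkg:pypi/protobuf",
    "google.cloud.storage": "pkg:pypi/google-cloud-storage",
    "requests": "pkg:pypi/requests",
}

# Constructed sample of a scanned source file.
SAMPLE = """import os
import yaml
from google import protobuf
from google.cloud.storage import Client
from . import helpers
import requests.adapters
"""

def collect_imports(source):
    """Absolute dotted paths imported by source; relative imports are skipped."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            found.add(node.module)
            # "from google import protobuf" may name a submodule, so try it too
            found.update(f"{node.module}.{a.name}" for a in node.names if a.name != "*")
    return sorted(found)

def match_import(module, index=PROVIDED_MODULES):
    """Longest-prefix match on the dotted path; returns None when nothing matches."""
    parts = module.split(".")
    for end in range(len(parts), 0, -1):
        purl = index.get(".".join(parts[:end]))
        if purl:
            return purl

def match_codebase(source, index=PROVIDED_MODULES):
    """Return (sorted purls, sorted top-level names with no match at all)."""
    purls, seen, hit = set(), set(), set()
    for module in collect_imports(source):
        root, purl = module.split(".")[0], match_import(module, index)
        seen.add(root)
        if purl:
            purls.add(purl)
            hit.add(root)
    return sorted(purls), sorted(seen - hit)
```

Import names often differ from package names (`yaml` is provided by `pyyaml`) and namespace roots such as `google` are shared by several packages, which is why the lookup keys on the full dotted path rather than the top-level name.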