Open chinyeungli opened 1 week ago
Moving to the scancode-toolkit repo for discussion as the purl values are generated there.
extractcode converter-moshi-2.9.0.jar
scancode --json-pp - --package converter-moshi-2.9.0.jar-extract
"packages": [
{
"type": "jar",
"namespace": null,
"name": "retrofit2.converter.moshi",
"version": null,
"qualifiers": {},
"subpath": null,
"primary_language": null,
"description": null,
"release_date": null,
"parties": [],
"keywords": [],
"homepage_url": null,
"download_url": null,
"size": null,
"sha1": null,
"md5": null,
"sha256": null,
"sha512": null,
"bug_tracking_url": null,
"code_view_url": null,
"vcs_url": null,
"copyright": null,
"holder": null,
"declared_license_expression": null,
"declared_license_expression_spdx": null,
"license_detections": [],
"other_license_expression": null,
"other_license_expression_spdx": null,
"other_license_detections": [],
"extracted_license_statement": null,
"notice_text": null,
"source_packages": [],
"is_private": false,
"is_virtual": false,
"extra_data": {},
"repository_homepage_url": null,
"repository_download_url": null,
"api_data_url": null,
"package_uid": "pkg:jar/retrofit2.converter.moshi?uuid=8b522553-e548-4552-9b36-fcd234529882",
"datafile_paths": [
"converter-moshi-2.9.0.jar-extract/META-INF/MANIFEST.MF"
],
"datasource_ids": [
"java_jar_manifest"
],
"purl": "pkg:jar/retrofit2.converter.moshi"
}
],
See the "purl": "pkg:jar/retrofit2.converter.moshi"
For the following JAR files:
The returned purl from SCIO scans are
However, there are appreciated maven purls that can be found (that's what I found from the web):
Why aren't the maven purls returned?