scanoss / purl2cpe

PURL to CPE Relationship mapping project.
MIT License

purls do not appear to be validated before being added #5

Closed gitgitwhat closed 1 year ago

gitgitwhat commented 1 year ago

For example, look at purl2cpe/data/libav/libav/purls.yml

pkggithub/libav/libav is not correct. That shouldn't pass the most basic check.

I've processed the entire repo and there are thousands of invalid purls. Not sure how they are derived but some simple quality check using https://github.com/package-url/purl-spec would be very helpful.
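The kind of "most basic check" the comment above asks for, as an added example that is not part of the issue or of the purl2cpe project: a dependency-free validator for the `pkg:type/namespace/name@version?qualifiers#subpath` grammar from the package-url spec, with the `pkggithub/libav/libav` string from the report as a constructed sample input.

```python
import re

# Grammar (package-url spec): pkg:type/namespace/name@version?qualifiers#subpath
# Type: starts with a letter; lowercase letters, digits, '.', '+', '-' only.
_TYPE_RE = re.compile(r"^[a-z][a-z0-9.+-]*$")
# Qualifier keys: start with a letter; lowercase letters, digits, '.', '-', '_'.
_QKEY_RE = re.compile(r"^[a-z][a-z0-9._-]*$")


def _split_right(s: str, sep: str):
    """Split s once from the right on sep; returns (head, tail, found)."""
    head, found, tail = s.rpartition(sep)
    return (head, tail, True) if found else (s, "", False)


def validate_purl(purl: str) -> list:
    """Return the list of problems found; an empty list means the purl is well-formed."""
    if not purl.startswith("pkg:"):
        return ["missing 'pkg:' scheme prefix"]
    problems = []
    rest = purl[len("pkg:"):].lstrip("/")           # spec tolerates leading '/'
    rest, subpath, _ = _split_right(rest, "#")       # subpath is split off first
    rest, qualifiers, _ = _split_right(rest, "?")    # then qualifiers
    rest, version, has_at = _split_right(rest, "@")  # then version
    parts = rest.split("/")
    if len(parts) < 2 or not parts[0]:
        return ["need at least a type and a name"]
    ptype, name = parts[0], parts[-1]
    if not _TYPE_RE.match(ptype):
        problems.append(f"invalid type {ptype!r}")
    if not name:
        problems.append("empty name")
    if has_at and not version:
        problems.append("'@' present but version is empty")
    for pair in filter(None, qualifiers.split("&")):
        key, eq, value = pair.partition("=")
        if not eq or not _QKEY_RE.match(key) or not value:
            problems.append(f"malformed qualifier {pair!r}")
    if any(seg in (".", "..") for seg in subpath.split("/") if subpath):
        problems.append("subpath must not contain '.' or '..' segments")
    return problems


def invalid_purls(purls) -> dict:
    """Map each malformed purl in an iterable (e.g. a purls.yml list) to its problems."""
    return {p: probs for p in purls if (probs := validate_purl(p))}


if __name__ == "__main__":
    # Constructed sample: the first entry is the malformed string from the issue.
    sample = ["pkggithub/libav/libav", "pkg:github/libav/libav", "pkg:github/libav/libav@"]
    for purl, why in invalid_purls(sample).items():
        print(purl, "->", "; ".join(why))
```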

scanossmining commented 1 year ago

Hi @gitgitwhat, thank you for reporting this. We've cleaned up the wrongly formatted purls and we'll add more checks in order to avoid these from showing up. Would you share with us the full list of invalid purls you detected, in order for us to investigate further?