Closed sameer1046 closed 3 years ago
Thanks for the suggestion, @sameer1046. Can you provide a little more detail about how the package type information would benefit you/the use case you had in mind? Does knowing the package type change how you interpret the license or do you use the package type information to make other reasonings about the SBOM? Tern will tell you the package manager it uses to collect the information in the report which I feel implies the package type without too much extrapolation work from the user.
As far as the PURL/URL, Tern will report this information, if available, in the more verbose reports (json, spdx, yaml, etc).
Thanks. We need the package type info like npm, maven, nuget, debian etc. in the text file so that we can determine the source URL and verify the copyright and licence. The yml and json files are too long to be processed by a human and not practical. The txt file is nicely formatted and looks very good.
@nishakm thoughts on this?
I don't think it would be hard to add the package format to the output. That might be a good datapoint to add as to what was used to inventory.
No, it would be straightforward to add. I more just want to make sure we are not clogging up the default report. Let me test this out and see how it looks. I'll solicit reviews from you and @sameer1046 when it's ready for feedback.
@sameer1046 How does this look for you?
Packages found in Layer:
+------------------------+------------------------------+---------+------------+
| Package                | Version                      | License | Pkg Format |
+------------------------+------------------------------+---------+------------+
| adduser                | 3.118                        |         | deb        |
| apt                    | 2.2.2                        |         | deb        |
| base-files             | 11                           |         | deb        |
| base-passwd            | 3.5.49                       |         | deb        |
| bash                   | 5.1-2+b1                     |         | deb        |
| bsdutils               | 1:2.36.1-7                   |         | deb        |
| coreutils              | 8.32-4+b1                    |         | deb        |
| dash                   | 0.5.11+git20200708+dd9ef66-5 |         | deb        |
| debconf                | 1.5.75                       |         | deb        |
The package type should be shown in the report, or the PURL and, if possible, the URL as well.
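Added example (not Tern's own code) showing how the "Pkg Format" column in the text report above lets a consumer derive a Package URL per row, which is the link to a source URL the thread asks for. It assumes the report layout shown in the comment, that "deb" rows come from Debian (the purl namespace), and plain percent-encoding via urllib.parse.quote; formats needing data the report lacks (maven group id) are left unmapped.

```python
"""Parse the 'Pkg Format' column of a Tern text report and derive purls."""
from urllib.parse import quote

# Constructed sample in the layout of the text report quoted in the thread.
REPORT = """\
Packages found in Layer:
+------------------------+------------------------------+---------+------------+
| Package                | Version                      | License | Pkg Format |
+------------------------+------------------------------+---------+------------+
| adduser                | 3.118                        |         | deb        |
| bsdutils               | 1:2.36.1-7                   |         | deb        |
| bash                   | 5.1-2+b1                     |         | deb        |
+------------------------+------------------------------+---------+------------+
"""

# Assumed mapping from Tern's "Pkg Format" value to (purl type, namespace).
# "debian" as the deb namespace is an assumption; the report does not state the distro.
# maven is intentionally absent: its purl needs a group id the report does not carry.
PURL_TYPE = {"deb": ("deb", "debian"), "npm": ("npm", None), "nuget": ("nuget", None)}


def parse_report(text):
    """Return one dict per table row, keyed by the header cells."""
    rows, header = [], None
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # skip the title and the +---+ border lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells  # first pipe row is the header
            continue
        rows.append(dict(zip(header, cells)))
    return rows


def to_purl(row):
    """Build pkg:<type>/<namespace>/<name>@<version>; None if format unmapped."""
    mapped = PURL_TYPE.get(row["Pkg Format"])
    if mapped is None:
        return None
    ptype, namespace = mapped
    parts = ["pkg:" + ptype]
    if namespace:
        parts.append(quote(namespace, safe=""))
    parts.append(quote(row["Package"], safe=""))
    # safe="" so ':' and '+' in Debian epochs/binNMU versions are encoded.
    return "/".join(parts) + "@" + quote(row["Version"], safe="")


if __name__ == "__main__":
    for r in parse_report(REPORT):
        print(r["Package"], "->", to_purl(r))
```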