Open carlosthe19916 opened 6 days ago
This looks like a mix of data types. "Packages" is most like "PURLs" (which we still label incorrectly). Actual packages have an ID which is a UUID (because we use UUIDs in many cases internally).
What looks like a "package version" here is, most likely, actually the "version" component of a "PURL" from a container. Same format, but unknown to our system.
The endpoint /api/v1/package/{uuid}
does NOT work with packages, but with PURLs. The UUID is just accidentally a UUID, that should just be an "ID" field (which happens to be a UUID, but that's an implementation detail).
Steps to reproduce:
https://github.com/trustification/trustify/assets/2582866/6e1012b5-f0e1-43a8-b1d0-9eb1284b4044