Open patspaeth opened 2 years ago
Hi @patspaeth! We do not support this functionality right now. This field (PURL) is not mandatory for SBOM reports regarding requirements. But we are open to discussing this possibility as a paid specific service in the future.
Hi @DimarrWS @rammatzkvosky,
Any chance to get it in the near future? It seems to be an obligatory field in SBOM for a very famous large company.
Thanks!
Is your feature request related to a problem? Please describe.
A clear unique identification (PURL) of each package/component is missing, but SBOM often includes several package types.
Describe the solution you'd like
Add PURL of each package/component (SPDX & CDX formats support it); see also: https://github.com/package-url/purl-spec
Describe alternatives you've considered
N/A
Additional context
https://cyclonedx.org/docs/1.4/json/#components_items_purl https://github.com/spdx/spdx-spec/blob/development/v2.3.1/examples/SPDXJSONExample-v2.3.spdx.json#L132
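An added example, not part of the issue or of the project's code: a consumer-side check that parses purls in the order the purl-spec describes and flags components in a CycloneDX-style document whose `purl` is missing, malformed, or disagrees with the component version. The names `parse_purl`, `audit_components` and `SAMPLE_BOM` are hypothetical, and the sample BOM is constructed for illustration.

```python
import re
from urllib.parse import unquote

TYPE_RE = re.compile(r"^[a-z][a-z0-9.+-]*$")  # purl-spec character rule for the type

def _rsplit(s, sep):  # split once from the right; tail is None when sep is absent
    head, found, tail = s.rpartition(sep)
    return (head, tail) if found else (s, None)

def parse_purl(purl):
    """Parse pkg:type/namespace/name@version?qualifiers#subpath; ValueError if malformed."""
    rest, subpath = _rsplit(purl, "#")
    rest, qualifiers = _rsplit(rest, "?")
    scheme, sep, rest = rest.partition(":")
    if not sep or scheme.lower() != "pkg":
        raise ValueError("scheme must be 'pkg'")
    ptype, sep, rest = rest.strip("/").partition("/")
    if not sep or not TYPE_RE.match(ptype.lower()):
        raise ValueError("missing or invalid type")
    rest, version = _rsplit(rest, "@")       # a scoped npm '@' arrives as %40, so this is safe
    namespace, _, name = rest.rpartition("/")
    if not name:
        raise ValueError("name is required")
    return {"type": ptype.lower(), "namespace": unquote(namespace) or None,
            "name": unquote(name), "version": unquote(version) if version else None,
            "qualifiers": qualifiers, "subpath": subpath}

def audit_components(bom):
    """Map component name -> problem; an empty dict means every purl is usable."""
    findings = {}
    for comp in bom.get("components", []):
        try:
            if not comp.get("purl"):
                raise ValueError("missing purl")
            if parse_purl(comp["purl"])["version"] != comp.get("version"):
                raise ValueError("purl version differs from component version")
        except ValueError as exc:
            findings[comp["name"]] = str(exc)
    return findings

# Constructed sample in the shape of a CycloneDX 1.4 JSON BOM (not output of any real tool).
SAMPLE_BOM = {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
    {"type": "library", "name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
    {"type": "library", "name": "requests", "version": "2.31.0"},
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.17.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0"},
    {"type": "library", "name": "openssl", "version": "1.1.1", "purl": "openssl@1.1.1"},
]}
```

Calling `audit_components(SAMPLE_BOM)` reports three of the four components; only the `lodash` entry carries a purl that parses and matches its version.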