Software:Package URL

From HandWiki

Revision as of 06:08, 20 June 2023 by TaniaWiki (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Short description: Package URL is a spec to identify software packages in SBOM and supply chain

A Package URL (PURL) is a Uniform Resource Locator (URL) (i.e., location-based Uniform Resource Identifier or URI) that is used to identify a software package across software Package managers, Software Composition Analysis (SCA) tools and databases. PURLs are used as package identifiers in:

SBOM (Software Bill of Material) such as in CycloneDX^[1] and SPDX^[2]
Vulnerability databases ^[3] ^[4]

References

↑ "CycloneDX usage of PURL for components". 19 June 2023. https://cyclonedx.org/docs/1.4/json/#components_items_purl.
↑ "SPDX usage of PURL as external identifier". 19 June 2023. https://spdx.github.io/spdx-spec/v2.3/external-repository-identifiers/#f35-purl.
↑ "Open Source Vulnerability schema 1.5". 19 June 2023. https://ossf.github.io/osv-schema/#affectedpackage-field.
↑ "Sonatype OSS Index". 19 June 2023. https://ossindex.sonatype.org/doc/coordinates.

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/Package URL. Read more

Retrieved from "https://handwiki.org/wiki/index.php?title=Software:Package_URL&oldid=2887296"

Perl software