-
-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OTP Purl implementation #35
Comments
Shouldn’t https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#hex |
@maennchen I'm not sure. These are not installed from hex package manager so this might be more accurate |
Interesting to see this being used. Did your needs match the "background" in the OTP Purl proposal? Please note that this spec should be considered experimental: there was quite a bit of opposition at the time, hence this is marked as a "draft". I haven't heard any better ideas for tracking the contents of a release, for those things that don't come from Hex (in particular Erlang/Elixir standard library applications). |
The use case I'm using it for is to document packages that are bundled with rabbitmq. |
Hi,
I wanted to let you know I created an implementation to detect OTP application and return Purl matching your spec in Syft (anchore/syft#2403).
Here is an example of it in action in a custom build of RabbitMQ (built for the RabbitMQ Docker Official Image but with the custom scanner)
https://explore.ggcr.dev/?blob=laurentgoderre689/rabbitmq@sha256:3fee3016c2f207cfbd47eac190a3b3d3a89bfe8d00cb1178f3d8086e4d93f94d&mt=application%2Fvnd.in-toto%2Bjson&size=848381
(Search for
pkg:otp/accept@0.3.5
)The text was updated successfully, but these errors were encountered: