OTP Purl implementation #35
Comments
|
Shouldn’t https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#hex |
|
@maennchen I'm not sure. These are not installed from hex package manager so this might be more accurate |
|
Interesting to see this being used. Did your needs match the "background" in the OTP Purl proposal? Please note that this spec should be considered experimental: there was quite a bit of opposition at the time, hence this is marked as a "draft". I haven't heard any better ideas for tracking the contents of a release, for those things that don't come from Hex (in particular Erlang/Elixir standard library applications). |
|
The use case I'm using it for is to document packages that are bundled with rabbitmq. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I wanted to let you know I created an implementation to detect OTP application and return Purl matching your spec in Syft (anchore/syft#2403).
Here is an example of it in action in a custom build of RabbitMQ (built for the RabbitMQ Docker Official Image but with the custom scanner)
https://explore.ggcr.dev/?blob=laurentgoderre689/rabbitmq@sha256:3fee3016c2f207cfbd47eac190a3b3d3a89bfe8d00cb1178f3d8086e4d93f94d&mt=application%2Fvnd.in-toto%2Bjson&size=848381
(Search for
pkg:otp/[email protected])The text was updated successfully, but these errors were encountered: