Sbom-tool generates cargo purl strings with extra "/" char

Open henrylyons opened this issue 5 months ago • 1 comments

The sbom-tool generates cargo purl references with an extra "/", for crates pulled from the default repository (https://crates.io). Example: pkg:cargo//[email protected]

This behavior does not repro for other package managers, such as NuGet. Also, the cargo purl strings do not conform to the purl specification: https://github.com/package-url/purl-spec/blob/main/PURL-TYPES.rst

henrylyons, May 13 '25 12:05
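One way to find affected entries in a generated SBOM, as an added example that is not part of the issue or of sbom-tool's code: it scans the purl external references of an SPDX JSON document and reports any purl whose path contains an empty segment, which is what the extra "/" produces. The package names, versions and the SPDX fragment are constructed sample data, and the helper names are hypothetical.

```python
def split_purl_path(purl):
    """Return (type, path segments) for a purl, with version, qualifiers and subpath removed."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl!r}")
    # Drop the scheme, any slashes directly after it, then '#subpath' and '?qualifiers'.
    rest = purl[4:].lstrip("/").split("#", 1)[0].split("?", 1)[0]
    ptype, _, path = rest.partition("/")
    segments = path.split("/")
    # The version follows '@' in the final segment (assumes '/' in versions is percent-encoded).
    segments[-1] = segments[-1].split("@", 1)[0]
    return ptype.lower(), segments


def empty_segment_purls(spdx_doc):
    """Return (package name, purl) pairs whose purl path has an empty segment."""
    findings = []
    for pkg in spdx_doc.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") != "purl":
                continue
            purl = ref["referenceLocator"]
            _, segments = split_purl_path(purl)
            if "" in segments:  # e.g. pkg:cargo//name@version
                findings.append((pkg.get("name"), purl))
    return findings


# Constructed SPDX fragment: one cargo purl with the extra "/", two well-formed purls.
SAMPLE_SBOM = {
    "packages": [
        {"name": "example-crate", "externalRefs": [
            {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
             "referenceLocator": "pkg:cargo//example-crate@1.0.0"}]},
        {"name": "other-crate", "externalRefs": [
            {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
             "referenceLocator": "pkg:cargo/other-crate@0.3.1"}]},
        {"name": "Example.Package", "externalRefs": [
            {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
             "referenceLocator": "pkg:nuget/Example.Package@2.0.0"}]},
    ]
}

if __name__ == "__main__":
    for name, purl in empty_segment_purls(SAMPLE_SBOM):
        print(f"empty purl path segment: {name}: {purl}")
```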