purldb icon indicating copy to clipboard operation
purldb copied to clipboard
verified publisher icon nexB

Retrieve SHA-256 hash for pypi packages

Open rogu-beta opened this issue 1 month ago • 0 comments

This is meant to address mapping issues from DejaCode because imported SBOMs for tools like cdxgen do not use SHA-1 anymore and as such DejaCode fails to find a match in PurlDB. Storing SHA-256 in PurlDB helps resolve this issue. For reference see: https://github.com/aboutcode-org/dejacode/issues/307

rogu-beta avatar Nov 14 '25 10:11 rogu-beta