vulnerablecode icon indicating copy to clipboard operation
vulnerablecode copied to clipboard
verified publisher icon nexB

Ingest github ecosystems

Open pombredanne opened this issue 3 years ago • 3 comments

We have some issue wrt Go that needs to purl library updates.

pombredanne avatar Dec 08 '22 17:12 pombredanne

Available ecosystems that we are not ingesting right now: Erlang, Go, Pub, Rust

TG1999 avatar Dec 28 '22 08:12 TG1999

I would like to work on this issue.

I have raised a PR for ingesting Pub data. PR #1417. Started with this as the number of advisories was less so it is easier to cross verify

Wrt the remaining ecosystems, I believe Rust would be very similar to Pub - with the minor difference that in the mapping dictionary the mapping would be "RUST": "cargo"

For Erlang, I do not think it is supported yet in purl-spec (https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst). So not sure if we can create a PR on it until purl-spec supports it.

For Go, I believe we have to work on #742 first before we can take this issue up.

shravankshenoy avatar Feb 12 '24 09:02 shravankshenoy