wg-securing-critical-projects

Include the purls of the software in the list

Open • andrewpollock opened this issue 1 year ago • 1 comment

It's great that https://docs.google.com/spreadsheets/d/1ONZ4qeMq8xmeCHX03lIgIYE4MEXVfVL6oj05lbuXTDM/edit#gid=577559548 exists. It'd be helpful for cross-referencing if the purls of each of these were included in the list.

andrewpollock, Nov 02 '23 05:11

In addition to using purl's github type in most of the rows, I would suggest adding "akas" from other types, specifically Linux packages, Docker, and generic types; and I would also suggest CPEs. Projects that can help with this include:

  • https://github.com/scanoss/purl2cpe
  • https://github.com/nexB/vulnerablecode-purl2cpe
  • https://github.com/repology/repology-rules

bureado, Nov 03 '23 02:11