tdruez

> Currently DejaCode seems to be unable to convert nuget PURLs to download URLs, hence ScanCode.io does not process those packages. So likely this is a change needed in the...

This is an issue with django-grappelli, entered as https://github.com/sehmaschine/django-grappelli/issues/1076

> The expected behavior is that DejaCode would either restart the pipeline if it already exists or deletes and recreates it. > Perhaps behavior could also be changed on ScanCode.io's...

Added in https://github.com/aboutcode-org/dejacode/pull/319 - `download_url` - `repository_download_url` - `repository_homepage_url` - `bug_tracking_url` - `code_view_url` - `vcs_url` - `api_data_url` - `size` - `md5` - `sha1` - `sha256` - `sha512`

@ghsa-retrieval Thanks for reporting this with such great details 👍 A solution was implemented in https://github.com/aboutcode-org/dejacode/pull/308 is available in the latest `main` branch and the new v5.3.0 release. From https://github.com/aboutcode-org/dejacode/pull/308:...

> Note: I think your example entries for the PurlDB have BINARY and SOURCE_ARCHIVE swapped. Good catch, I've updated the comment: `boto3-1.37.26-py3-none-any.whl` -> package_content=`BINARY` `boto3-1.37.26.tar.gz` - >package_content=`SOURCE_ARCHIVE` > How would...

@keshav-space Could you provide some context about the need for adding a `project_purl` field? Why not use the `uuid` for example? It seems to me that this is not directly...

> We want to store the scancode.io scan results in git repositories, and we use PURL to determine the git repository and the exact directory path where the scan should...

> @tdruez yes, namespace package directory should not contain __init__.py Fair enough, but it seems quite unrelated to the context of this PR. It would be better to open an...

Thanks for the clarification. Let's merge then!