Documentation
Overview
Package purl provides Package URL (PURL) generation and parsing utilities. PURLs are a standardized way to identify software packages across ecosystems. See: https://github.com/package-url/purl-spec
This package is used by:
- SBOM generation (CycloneDX, SPDX)
- CVE/vulnerability scanning (OSV.dev queries)
- Compliance reporting
Types
type PURL
type PURL struct {
	Type       Type
	Namespace  string // owner or org (may include nested groups for GitLab)
	Name       string // repository or package name
	Version    string // version or commit hash
	Qualifiers map[string]string
	Subpath    string
}
PURL represents a parsed Package URL.
func FromGitURL
FromGitURL creates a PURL from a git repository URL and version/commit. Uses the shared hostdetect package for consistent provider detection across the codebase (SBOM generation, supplier extraction, CVE scanning).
func FromGitURLWithFallback
FromGitURLWithFallback creates a PURL from a git URL, falling back to generic type with the provided vendor name if the URL is invalid or empty.
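Added example, not this package's code: a self-contained sketch of the normalization that FromGitURL and FromGitURLWithFallback describe, showing that HTTPS and scp-style spellings of one repository collapse to a single PURL so SBOM entries and vulnerability queries agree. The names gitURLToPURL, splitGitURL, esc and the hostTypes table are hypothetical, and the treatment of unknown hosts and the sample URLs are constructed assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// hostTypes is a constructed table standing in for hostdetect (not shown on the page).
var hostTypes = map[string]string{"github.com": "github", "gitlab.com": "gitlab", "bitbucket.org": "bitbucket"}

// splitGitURL returns the lower-cased host and the path of URL-style and scp-style remotes.
func splitGitURL(raw string) (string, string) {
	if strings.Contains(raw, "://") {
		if u, err := url.Parse(raw); err == nil {
			return strings.ToLower(u.Hostname()), u.Path
		}
		return "", ""
	}
	host, path, _ := strings.Cut(raw, ":") // [user@]host:owner/repo.git
	return strings.ToLower(host[strings.LastIndex(host, "@")+1:]), path
}

// esc percent-encodes one purl segment; '@' is escaped too because it is the version separator.
func esc(s string) string { return strings.ReplaceAll(url.PathEscape(s), "@", "%40") }

// gitURLToPURL is a hypothetical stand-in for FromGitURLWithFallback.
func gitURLToPURL(raw, version, vendor string) string {
	host, path := splitGitURL(raw)
	segs := strings.FieldsFunc(strings.TrimSuffix(strings.Trim(path, "/"), ".git"), func(r rune) bool { return r == '/' })
	typ, known := hostTypes[host]
	if len(segs) < 2 {
		typ, segs = "generic", []string{vendor} // invalid or empty URL: vendor fallback
	} else if !known {
		typ, segs = "generic", append([]string{host}, segs...) // assumption: keep host to avoid collisions
	}
	for i, s := range segs {
		if typ == "github" || typ == "bitbucket" {
			s = strings.ToLower(s) // purl-spec: github and bitbucket names are case-insensitive and lowercased
		}
		segs[i] = esc(s)
	}
	return "pkg:" + typ + "/" + strings.Join(segs, "/") + "@" + esc(version)
}

func main() {
	for _, u := range []string{"https://GitHub.com/Acme/Widget.git", "git@github.com:acme/widget", ""} {
		fmt.Println(gitURLToPURL(u, "v1.2.3", "Acme Corp"))
	}
}
```

Comparing identifiers produced this way across scanners is a quick check that the SBOM and the vulnerability query refer to the same component.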
func (*PURL) SupportsVulnScanning
SupportsVulnScanning returns true if this PURL type is supported by OSV.dev.
func (*PURL) ToOSVPackage
ToOSVPackage returns the package identifier format expected by the OSV.dev API.
type Type
type Type string
Type represents the package type in a PURL.
const (
	TypeGitHub    Type = "github"    // GitHub repositories
	TypeGitLab    Type = "gitlab"    // GitLab repositories (including self-hosted)
	TypeBitbucket Type = "bitbucket" // Bitbucket repositories
	TypeGeneric   Type = "generic"   // Generic/unknown repository type
)
PURL type constants for common git hosting providers.