You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the generated spdx sbom can not be used because it defines purl urls with the package manager instead of the repository:
e.g.
pkg:uv/aiofiles@23.2.1
when it should be
pkg:pypi/aiofiles@23.2.1
So the question is if this is intentional or if it should be changed to have the url contain the repository url instead of the specific package manager?
The text was updated successfully, but these errors were encountered:
Currently the generated spdx sbom can not be used because it defines purl urls with the package manager instead of the repository:
e.g.
when it should be
So the question is if this is intentional or if it should be changed to have the url contain the repository url instead of the specific package manager?
The text was updated successfully, but these errors were encountered: