Skip to content

Adding purl to generated SBOM #39254

New issue
Jump to bottom
New issue
Jump to bottom
Open
microsoft/vcpkg-tool
#1482
Open
Adding purl to generated SBOM#39254
microsoft/vcpkg-tool
#1482
Assignees
LilyWangLL
Labels
category:port-featureThe issue is with a library, which is requesting new capabilities that didn’t exist
@KUGA2

Description

@KUGA2
KUGA2
opened on Jun 12, 2024

Is your feature request related to a problem? Please describe.

We use Black Duck for license and vulnerability scanning. I can upload a vcpkg-generated SBOM there, but it does not find any match. I am told, this is because vcpkgs SBOM are missing a purl element.

Proposed solution

Finish up this ongoing purl definition #32732 (or package-url/purl-spec#245) then add it to the generated SBOMs.

Describe alternatives you've considered

We have also contacted Synopsis. Maybe they can do something to support vcpkgs SBOMS without purl.
This suggestion (#30461) might also work, but I am not sure.

Additional context

No response

Metadata

Assignees

Labels

category:port-featureThe issue is with a library, which is requesting new capabilities that didn’t exist

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions