Ensure advisories have proper Package-URLs #4
Description
Since I reckon the plan is to use the OSV format for advisories, it would be great to ensure advisories have proper Package-URLs (PURLs) for packages. PURLs are part of the OSV schema are bur also core to CycloneDX, as well as CSAF, and are supported in SPDX. They are also now part of the latest CVE schema 5.2. So using PURL is a good way to help interop between all the formats in that formats zoo!
PS: I am leading the PURL spec work, and I am on hand to help.