WEBINAR: THURSDAY, MARCH 30, 2023
AT 9AM PDT / 5PM CEST

Standardizing FOSS package identifiers using Package-URL

When tools, APIs and databases process or store multiple package types, it is difficult to reference the same software package across tools in a uniform way. Often, these tools, specifications and APIs use relatively similar approaches to identify and locate software packages, each with subtle differences in syntax, naming and conventions.

PURL, or Package-URL, standardizes existing approaches to reliably identify and locate software packages in a mostly universal and uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases. As a URL string, PURL reliably references the same software package using a simple and expressive syntax and conventions based on familiar URLs.

PURL was originally developed by nexB for use in ScanCode and VulnerableCode, and is now the de-facto standard for vulnerability management and package references by SBOM projects like CycloneDX and SPDX, and in active use by most open source projects that need to identify packages and by many companies and organizations worldwide.

Join this webinar to learn more about how to use PURL and why it is becoming the de-facto standard for the Software Composition Analysis community.

SPEAKER: Philippe Ombredanne, nexB co-founder and CTO

Philippe Ombredanne is a passionate FOSS hacker on a mission to make it easier and safer to reuse FOSS code. He is the maintainer of ScanCode, the industry standard license detection tool, along with other open source tools for software composition analysis and license and security compliance (aboutcode.org). Philippe contributes to several other projects including the Linux kernel SPDX-ification, the SPDX and ClearlyDefined projects, strace, several Python tools, and previously to JBoss, Eclipse and Mozilla. Philippe is also a long-time Google Summer of Code mentor and org admin. Work-wise, he is the CTO and co-founder of nexB, helping software teams track what's in their code with DejaCode, an open source governance and compliance dashboard.
