When tools, APIs and databases process or store multiple package types, it is difficult to reference the same software package across tools in a uniform way. Often, these tools, specifications and API use relatively similar approaches to identify and locate software packages, each with subtle differences in syntax, naming and conventions.
PURL or Package URL standardizes existing approaches to reliably identify and locate software packages in a mostly universal and uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases. As a URL string, PURL reliably references the same software package using a simple and expressive syntax and conventions based on familiar URLs.
PURL was originally developed by nexB for use in ScanCode and VulnerableCode, and is now the de-facto standard for vulnerability management and package references by SBOM projects like CycloneDX and SPDX, and in active use by most open source projects that need to identify packages and by many companies and organizations worldwide.
Watch this recorded webinar to learn more about how to use PURL and why it is becoming the de-facto standard for the Software Composition Analysis community.
Ready to learn more?