purl2all
Discover metadata for software packages
While we often simplify our mental model of the software supply chain by only looking at how source code is maintained and compiled with other source code into binaries which are distributed, in reality there are many more stakeholders that provide or curate information about software which is used by others as part of their decision process - and there are many supply chains concurrently, some of which are intertwined. The purl (package-url) initiative allows this information to be aggregated from all the different stakeholders in the software supply chains.
The purl2all project aims to build a real-time, on-demand, decentralized and distributed knowledge base for all kinds of software packages metadata that can be used by other services that need the metadata; such as ScanCode, VulnerableCode, or any system, application or library using package-url (purl) as a way to identify packages and versions to lookup this data.
The outcome will be a decentralized, on-demand software metadata collection system that will complement or replace centralized batch systems.
- The project's own website: https://www.aboutcode.org
Run by AboutCode.org
This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.
