Skip to content

Retrieve SHA-256 hash for pypi packages#765

Merged
JonoYang merged 1 commit intoaboutcode-org:mainfrom
rogu-beta:pypi-sha256
Feb 24, 2026
Merged

Retrieve SHA-256 hash for pypi packages#765
JonoYang merged 1 commit intoaboutcode-org:mainfrom
rogu-beta:pypi-sha256

Conversation

@rogu-beta
Copy link
Contributor

@rogu-beta rogu-beta commented Nov 14, 2025

This is meant to address mapping issues from DejaCode because imported SBOMs for tools like cdxgen do not use SHA-1 anymore and as such DejaCode fails to find a match in PurlDB. Storing SHA-256 in PurlDB helps resolve this issue. For reference see: aboutcode-org/dejacode#307

@rogu-beta
Retrieve SHA-256 hash for pypi packages
dd4ad98 
This is meant to address mapping issues from DejaCode because imported SBOMs for tools like cdxgen do not use SHA-1 anymore and as such DejaCode fails to find a match in PurlDB. Storing SHA-256 in PurlDB helps resolve this issue. For reference see: aboutcode-org/dejacode#307

Signed-off-by: Robert Guetzkow <robert.guetzkow@betasystems.com>
@pombredanne
Copy link
Member

pombredanne commented Dec 8, 2025

Thanks! @JonoYang ping ... do you mind to review?

@JonoYang
Copy link
Member

JonoYang commented Feb 24, 2026

lgtm thanks!

@JonoYang JonoYang merged commit a053a3e into aboutcode-org:main Feb 24, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rogu-beta @pombredanne @JonoYang