Skip to content

Sbom-tool generates cargo purl strings with extra "/" char #1050

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
henrylyons opened this issue May 13, 2025 · 1 comment
Open

Sbom-tool generates cargo purl strings with extra "/" char #1050

henrylyons opened this issue May 13, 2025 · 1 comment
Labels
accepted We are working on this and hope to release it into the product

Comments

@henrylyons
Copy link

The sbom-tool generates cargo purl references with an extra "/", for crates pulled from the default repository (https://crates.io). Example: pkg:cargo//unicode-ident@1.0.18

This behavior does not repro for other package managers, such as NuGet. Also, the cargo purl strings do not conform to the purl specification: https://github.com/package-url/purl-spec/blob/main/PURL-TYPES.rst
@jlperkins jlperkins added the needs triage Default status upon issue submission label May 15, 2025
@DaveTryon DaveTryon added accepted We are working on this and hope to release it into the product and removed needs triage Default status upon issue submission labels May 22, 2025
@RodneyRichardson
Copy link

Looks to be caused by this: microsoft/component-detection#1172

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted We are working on this and hope to release it into the product
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@RodneyRichardson @henrylyons @jlperkins @DaveTryon