You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A package URL is a unique identifier for a software package within a ecosystem. It's used for software composition analysis so that developers can run automations, vulnerability scans etc etc.
Would you consider submitting a proposal to https://github.com/package-url/purl-spec/issues and get carthage officially registered as a purl type for Carthage packages?
You'll find other iOS/macOS ecosystems already being present, like SPM or Cocoapods.
A starting point may be the Swift or Cocoapods specs in the PURL-TYPES.txt document, below is a proposal:
carthage
-----
``carthage`` for Carthage dependencies:
- There is no default package repository: this should be implied from `namespace`.
- The `namespace` is source host and user/organization and is required.
- The `name` is the repository name.
- The `version` is the package version and is required.
- Examples:
pkg:carthage/github.com/ReactiveCocoa/ReactiveCocoa@2.3.1
pkg:carthage/github.com/Mantle/Mantle@1.0
pkg:carthage/github.com/jspahrsummers/libextobjc@0.4.1
pkg:carthage/enterprise.local/ghe/desktop/git-error-translations@1.0.2
The text was updated successfully, but these errors were encountered:
Hi there Carthage team,
A package URL is a unique identifier for a software package within a ecosystem. It's used for software composition analysis so that developers can run automations, vulnerability scans etc etc.
Would you consider submitting a proposal to https://github.com/package-url/purl-spec/issues and get
carthageofficially registered as a purl type for Carthage packages?You'll find other iOS/macOS ecosystems already being present, like SPM or Cocoapods.
A starting point may be the Swift or Cocoapods specs in the PURL-TYPES.txt document, below is a proposal:
The text was updated successfully, but these errors were encountered: