Skip to content

Invalid purls when scanning Rust(cargo) repository #1172

New issue
New issue
Open
#1410
Open
Invalid purls when scanning Rust(cargo) repository#1172
#1410
Labels
detector:rustThe Rust Cargo detectorgood first issueGood for newcomersstatus:readyReady to start implementationtype:bugBug fix of existing functionality
@kennylam91

Description

@kennylam91
kennylam91
opened on Jun 13, 2024

Hi guys,
When I scan a Rust(cargo) repository (e.g https://github.com/rust-lang/rustlings), the sbom file result contains these purls:

pkg:cargo//ryu@1.0.17#
pkg:cargo//which@6.0.1#
pkg:cargo//hashbrown@0.14.3#
pkg:cargo//anstream@0.6.13#
pkg:cargo//regex-automata@0.4.6#

As per purl-specification, these purls seem not to be valid with //
And when extracting them, the name info would include a slash (e.g /ryu instead of ryu)

Metadata

Metadata

Assignees

No one assigned

    Labels

    detector:rustThe Rust Cargo detectorgood first issueGood for newcomersstatus:readyReady to start implementationtype:bugBug fix of existing functionality

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions