[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
[sw360-dev] Oldie but goldie: Component Identification
|
Hi,
I am sitting here with Alex from Codescoop and we are discussing how to match component entries between two systems. eventually we do not see another approach than
* use the artefact management domain as part of the identification for a component
* allow for some low percentage missing mappings to get it actually working
* because any own ids are not suitable
The next thing is how to actually apply a common naming for things like maven, nuget, pypi, composer, deb etc etc. because also you could have a decision on "mvn" or "maven", or composer vs cmp, and more discussions alike and how to have a compiled list on the first hand.
Of course we remember the purl proposal by Philippe and we are very much fond of taking the purl proposal for a definitive list of "artefact management domain" names which referred there as type:
https://github.com/package-url/purl-spec
-> see "Known purl types"
-> see "Other candidate types to define"
Any other thoughts on this?
in SW360 on component level we would need to add the field "type" and rename the existing field "category" (where we put value like "lib", "tool", "application", "database", etc.) to be consistent, but I think it is worth it, because the potential for solving a mapping problem and enabling a lot of use cases is huge.
Kind regards, Michael
