Detect software supply chain issues by mapping package binaries to their corresponding source code and determining if there are possible discrepancies between sources and sources (such as with the XZ utils attack, or sources and binaries, where package may not report the exact source code used to build binaries with the mapping analysis.
Should be "discrepancies between sources and binaries"
-
If reindex flag is True then existing package will be rescanned, if reindex_set is True then all the package in the same set will be rescanned. If reindex flag is set to true then all the non existing package will be indexed.
It's confusing what the reindex flag does when it's set to True.
-
unsupported_packages
A list of package urls that are not processable by the index queue.
The package indexing queue can only handle npm and maven purls.
I think we support more packages than just npm and maven?
-
If uuid is given then all purls will be added to package set if it exists else a new set would be created and all the purls will be added to that new set.
punctuation needed
-
Package Set List
Return a list of package sets and the package data of packages within
GET /api/projects/0bbdcf88-ad07-4970-9272-7d5f4c82cc7b/
I am wondering if GET /api/projects/0bbdcf88-ad07-4970-9272-7d5f4c82cc7b/ is the correct command? It's the same GET as shown for "package details": https://aboutcode.readthedocs.io/projects/PURLdb/en/latest/purldb/rest_api.html#package-details
-
Depending on the PurlDB size PurlWatch provides two different approach.
Should be
Depending on the size of PurlDB, PurlWatch provides two different approaches.
-
The watch frequency can be customized to balance the resource uses.
Perhaps should be
The watch frequency can be customized to balance resource usage.
Referenced documentation pages:
https://aboutcode.readthedocs.io/projects/PURLdb/en/latest/index.html
https://aboutcode.readthedocs.io/projects/PURLdb/en/latest/purldb/rest_api.htm
https://aboutcode.readthedocs.io/projects/PURLdb/en/latest/purldb/purl_watch.html