purl-next: Deploy and advocate for PURL in ecosystems for improved security #56
Description
We should help to improve the security posture of all open source software, by building upon the tooling and test suites from the PURL validation, with three key actions on ecosystems for leverage.
All of this work strengthens the overall open source software supply chain security by ensuring PURLs are correct and valid across software ecosystems, and improves PURL's resiliency by giving ownership of the PURL specification for PURL types to the major foundations, open source package ecosystems, and open source projects.
- purl-next: Share PURL validation for major open source foundations #57
- purl-next: Validate the integrity of PURL source and binaries of popular packages in major package ecosystems. #61
- purl-next: Create CI/CD integration for PURL validation #66
- purl-next: Package a service and library for PURL binary validation scancode.io#1770
- purl-next: Report and work with upstream FOSS projects to resolve issues #69