From: Arnout Engelen
Date: Friday, 3. May 2024 at 14:28
To: security-disc...@community.apache.org
Cc: Tomcat Users List
Subject: Re: Package URLs for Apache Tomcat distributions
[You don't often get email from enge...@apache.org. Learn why this is important
at https://a
Just as an FYI that we established an official TG (Task Group) for
PURL in yesterdays Ecma TC54 (CycloneDX) meeting:
https://docs.google.com/document/d/1BkBd4PRhpP_u1WO_GueYB89vehT_HPKgFMMfbTuKWV4/edit#heading=h.si64e7edhupe
This will take a bit to get set up but this may be something some
people h
Thanks for bringing this up! The topic of software (artifact)
identification is indeed a tricky one. CPEs have long been the main
contender, but are not great for the SBOM (and 'vulnerability scanning'
based on SBOMs) use case because CPE allocations need through the NVD CPE
team, and generally are
Hi all,
I recently started a discussion about pURLs as package identifier on the Tomcat
mailing list and it was brought up, that this might be a broader topic to be
discussed here.
Best regards
Jan
From: Thomas Hoffmann (Speed4Trade GmbH)
Date: Monday, 15. April 2024 at 13:14
To: Tomcat User
On 11/04/2024 16:52, von Loewenstein, Jan wrote:
Hi folks,
I am part of the Paketo community, and we are providing Cloud Native Buildpacks
to create container images with – amongst other technologies – Apache Tomcat
and Apache TomEE as application runtimes.
One of the features of Cloud Native
