2025-10-18 — 🎙️ Next OnRamp meeting on November 21st: How PURL transforms OSPO operations

In the November session of the OnRamp webinar, Philippe Ombredanne will introduce Package-URL (PURL) as an open standard that provides a consistent, universal way to identify software packages across ecosystems, addressing critical issues in vulnerability tracking, license compliance, and supply chain security. Philippe, the creator of PURL, will explain its origins and how the specification evolved to balance cross-ecosystem consistency with ecosystem-specific details.

Save the date for a new tool on your utility belt!

  • 📅 Friday, November 17th
  • ⏰ 10:30-12:00 CEST
  • 🎙️ Philippe Ombredanne, Lead Maintainer of AboutCode.
  • 📜 How PURL transforms OSPO operations.

As usual, it is an online event held in a safe environment, open to all, with no registration required. Just come and grab a seat. Please connect to our 🌐 BigBlueButton instance on the given date and time. You can import this specific session into your calendar with this 📅 ICS file.

Software supply chains are increasingly complex with dependencies spanning multiple package managers, programming languages, and distribution mechanisms. Inconsistent package identification impedes accurate and timely vulnerability tracking, license compliance, and security analysis.

Open Source Program Offices face unique challenges in managing enterprise-wide open source adoption while ensuring compliance, security, and governance. Package-URL (PURL) addresses these challenges. As the open standard for the universal, unambiguous identification of software packages across all ecosystems, PURL offers a simple yet powerful URL-like syntax that uniquely identifies packages from npm and PyPI to container images and operating system packages, enabling unprecedented visibility and control over software supply chains.

For OSPOs, PURL transforms operations by enabling unified license compliance across all ecosystems, faster vulnerability correlation and incident response, consistent approval workflows for diverse development teams, and vendor-neutral tooling integration. In this session, PURL creator Philippe will share PURL’s origin story and evolution, along with practical strategies for implementing PURL so that OSPOs can move to proactive, integrated supply chain management.

The OSPO OnRamp meeting series provides an open, neutral and friendly forum and a low-threshold entry point to exchange and learn about the basics of how to set up an Open Source Program Office and get started with open source. More on the dedicated page.