Skip to content

Add new PURL type: 'brew' for Homebrew#796

Open
chenrui333 wants to merge 3 commits intopackage-url:mainfrom
chenrui333:brew
Open

Add new PURL type: 'brew' for Homebrew#796
chenrui333 wants to merge 3 commits intopackage-url:mainfrom
chenrui333:brew

Conversation

@chenrui333
Copy link
Copy Markdown

@chenrui333 chenrui333 commented Jan 31, 2026
edited
Loading

Introduce pkg:brew as a registered PURL type using the post-#514 JSON type-definition framework.

Key design decisions:

  • version: optional (matches real-world usage like pkg:brew/go)
  • namespace: optional (represents Homebrew tap, e.g., homebrew/core)
  • qualifier: repository_url (consistent with docker, oci types)
  • @ encoding: formula names with @ (e.g., postgresql@12) use %40

Test cases cover:

  • Simple formula with/without version
  • Versioned formulas with @ in name (percent-encoding)
  • Namespace (tap) usage for homebrew/core, homebrew/cask
  • Third-party taps with repository_url qualifier

Real-world usage validated against:

  • Homebrew/brew (official sbom.rb)
  • anchore/syft
  • endoflife.date (versionless purls)

cc @pombredanne @williamboman

@chenrui333 chenrui333 mentioned this pull request Jan 31, 2026
Closed
@chenrui333
Add Homebrew (brew) PURL type definition
58a0813 
Introduce `pkg:brew` as a registered PURL type using the post-package-url#514
JSON type-definition framework.

Key design decisions:
- version: optional (matches real-world usage like pkg:brew/go)
- namespace: optional (represents Homebrew tap, e.g., homebrew/core)
- qualifier: repository_url (consistent with docker, oci types)
- @ encoding: formula names with @ (e.g., postgresql@12) use %40

Test cases cover:
- Simple formula with/without version
- Versioned formulas with @ in name (percent-encoding)
- Namespace (tap) usage for homebrew/core, homebrew/cask
- Third-party taps with repository_url qualifier

Real-world usage validated against:
- Homebrew/brew (official sbom.rb)
- anchore/syft
- endoflife.date (versionless purls)

Signed-off-by: Rui Chen <rui@chenrui.dev>
@jkowalleck jkowalleck added PURL type: new Register a new PURL type type: brew PURL type: change Change(s) to a registered PURL type labels Feb 2, 2026
@mjherzog mjherzog requested a review from johnmhoran February 2, 2026 20:10
@chenrui333
Copy link
Copy Markdown
Author

chenrui333 commented Feb 26, 2026

any blocker needs to be addressed before merging this?

@mjherzog
Copy link
Copy Markdown
Member

mjherzog commented Feb 26, 2026

@chenrui333 We need review by @pombredanne. I am trying to expedite that.

@mjherzog mjherzog removed PURL type: change Change(s) to a registered PURL type labels Apr 3, 2026
@mjherzog mjherzog changed the title feat: Add Homebrew (brew) PURL type definition Add new PURL type: 'brew' for Homebrew Apr 3, 2026
@captn3m0 captn3m0 mentioned this pull request Apr 13, 2026
Closed
@czunker czunker mentioned this pull request Apr 17, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@johnmhoran johnmhoran Awaiting requested review from johnmhoran

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

PURL type: new Register a new PURL type

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chenrui333 @mjherzog @jkowalleck