Skip to content

feat: Add Homebrew (brew) PURL type definition #796

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
chenrui333 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: Add Homebrew (brew) PURL type definition #796

chenrui333 wants to merge 2 commits into from
+354 −0

Conversation

@chenrui333
Copy link

@chenrui333 chenrui333 commented Jan 31, 2026
edited
Loading

Introduce pkg:brew as a registered PURL type using the post-#514 JSON type-definition framework.

Key design decisions:

  • version: optional (matches real-world usage like pkg:brew/go)
  • namespace: optional (represents Homebrew tap, e.g., homebrew/core)
  • qualifier: repository_url (consistent with docker, oci types)
  • @ encoding: formula names with @ (e.g., postgresql@12) use %40

Test cases cover:

  • Simple formula with/without version
  • Versioned formulas with @ in name (percent-encoding)
  • Namespace (tap) usage for homebrew/core, homebrew/cask
  • Third-party taps with repository_url qualifier

Real-world usage validated against:

  • Homebrew/brew (official sbom.rb)
  • anchore/syft
  • endoflife.date (versionless purls)

cc @pombredanne @williamboman

@chenrui333 chenrui333 mentioned this pull request Jan 31, 2026
Closed
@chenrui333
Add Homebrew (brew) PURL type definition
58a0813 
Introduce `pkg:brew` as a registered PURL type using the post-package-url#514
JSON type-definition framework.

Key design decisions:
- version: optional (matches real-world usage like pkg:brew/go)
- namespace: optional (represents Homebrew tap, e.g., homebrew/core)
- qualifier: repository_url (consistent with docker, oci types)
- @ encoding: formula names with @ (e.g., postgresql@12) use %40

Test cases cover:
- Simple formula with/without version
- Versioned formulas with @ in name (percent-encoding)
- Namespace (tap) usage for homebrew/core, homebrew/cask
- Third-party taps with repository_url qualifier

Real-world usage validated against:
- Homebrew/brew (official sbom.rb)
- anchore/syft
- endoflife.date (versionless purls)

Signed-off-by: Rui Chen <rui@chenrui.dev>
@jkowalleck jkowalleck added Proposed new type type: brew Proposed new type PURL type definition Non-core definitions that describe and standardize PURL types labels Feb 2, 2026
@mjherzog mjherzog requested a review from johnmhoran February 2, 2026 20:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@johnmhoran johnmhoran Awaiting requested review from johnmhoran

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

Proposed new type PURL type definition Non-core definitions that describe and standardize PURL types type: brew Proposed new type

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chenrui333 @jkowalleck @mjherzog