PackageUrl -> List<Vulnerability>
Match a standard Package URL (PURL) against vulnerability database indexes to retrieve known security advisories.
Problem it solves
Relying on raw text matching for software packages leads to high false positive rates in vulnerability detection.
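An added example, not code from the original page or from any project it catalogues: it contrasts lookup by normalized PURL coordinates with naive name matching. The index entries, advisory ids and version ranges are constructed, the function names are hypothetical, and the dotted-integer version comparison is a simplification of real ecosystem version schemes.

```python
from urllib.parse import unquote

# Constructed index (not real advisories): normalized (type, namespace, name)
# -> list of (advisory id, introduced, fixed); affected range is [introduced, fixed).
INDEX = {
    ("pypi", "", "requests"): [("EXAMPLE-0001", "2.0.0", "2.31.0")],
    ("pypi", "", "requests-oauthlib"): [("EXAMPLE-0002", "0.1.0", "1.3.1")],
    ("npm", "@angular", "core"): [("EXAMPLE-0003", "11.0.0", "11.0.5")],
}

def parse_purl(purl):
    """Split pkg:type/namespace/name@version into normalized coordinates."""
    scheme, _, rest = purl.partition(":")
    if scheme != "pkg":
        raise ValueError("not a PURL: " + purl)
    rest = rest.split("#", 1)[0].split("?", 1)[0]  # drop subpath and qualifiers
    path, sep, version = rest.rpartition("@")
    if not sep:
        raise ValueError("version required for range matching: " + purl)
    segments = [unquote(s) for s in path.strip("/").split("/")]
    if len(segments) < 2:
        raise ValueError("PURL needs a type and a name: " + purl)
    ptype, name = segments[0].lower(), segments[-1]
    namespace = "/".join(segments[1:-1])
    if ptype == "pypi":  # PURL pypi rule: lowercase the name, "_" becomes "-"
        name = name.lower().replace("_", "-")
    return ptype, namespace, name, unquote(version)

def vtuple(version):
    # Assumption: plain dotted integers; real schemes (PEP 440, semver) need more.
    return tuple(int(part) for part in version.split("."))

def match_purl(purl):
    """Exact lookup on (type, namespace, name), then a version range check."""
    ptype, namespace, name, version = parse_purl(purl)
    return [adv for adv, introduced, fixed in INDEX.get((ptype, namespace, name), [])
            if vtuple(introduced) <= vtuple(version) < vtuple(fixed)]

def match_text(name):
    """Naive baseline: substring match on the name, ignoring type and version."""
    return sorted(adv for (_, _, n), advs in INDEX.items() if name in n
                  for adv, _, _ in advs)
```

The naive baseline reports the `requests-oauthlib` advisory for `requests` and cannot tell a fixed version from an affected one; the PURL lookup does neither.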
Consumes
Emits
The real projects this mechanism was found in. Attribution is the point — this is how the best teams actually do it.