Skip to content

extend project URLs -> external references #800

New issue
New issue
Open
Open
extend project URLs -> external references#800
Labels
enhancementNew feature or requestgood first issueGood for newcomershacktoberfesthelp wantedExtra attention is needed
@jkowalleck

Description

@jkowalleck
jkowalleck
opened on Sep 25, 2024

Is your feature request related to a problem? Please describe.

This tool detects project URLs and emits them in the SBOM results as "external references".
The URL types are detected based on patterns - see

cyclonedx-python/cyclonedx_py/_internal/utils/cdx.py

Lines 85 to 104 in 721f12d

__known_ulr_labels: Dict[str, ExternalReferenceType] = {
# see https://peps.python.org/pep-0345/#project-url-multiple-use
# see https://github.com/pypi/warehouse/issues/5947#issuecomment-699660629
'bugtracker': ExternalReferenceType.ISSUE_TRACKER,
'issuetracker': ExternalReferenceType.ISSUE_TRACKER,
'issues': ExternalReferenceType.ISSUE_TRACKER,
'bugreports': ExternalReferenceType.ISSUE_TRACKER,
'tracker': ExternalReferenceType.ISSUE_TRACKER,
'home': ExternalReferenceType.WEBSITE,
'homepage': ExternalReferenceType.WEBSITE,
'download': ExternalReferenceType.DISTRIBUTION,
'documentation': ExternalReferenceType.DOCUMENTATION,
'docs': ExternalReferenceType.DOCUMENTATION,
'changelog': ExternalReferenceType.RELEASE_NOTES,
'changes': ExternalReferenceType.RELEASE_NOTES,
# 'source': ExternalReferenceType.SOURCE-DISTRIBUTION,
'repository': ExternalReferenceType.VCS,
'github': ExternalReferenceType.VCS,
'chat': ExternalReferenceType.CHAT,
}

it appears that PyPI also documented the way they detect URL types: https://docs.pypi.org/project_metadata/#icons

It would be great if the PyPI heuristics could be applied, too.

Describe the solution you'd like

Have the heuristics from PyPI apply to URL type detections, so that emitted external references follow the de facto standards, too.

These heuristics work on the URL name, as well on the URL itself.

Additional context

PyPI's type classification according to https://docs.pypi.org/project_metadata/#icons

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestgood first issueGood for newcomershacktoberfesthelp wantedExtra attention is needed

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions