I would like to have a minimal and lightweight, fast --package scan option that does not do anything more than collecting PURLs, either for actual packages that are present and for their dependencies. This would then a nice input for other pipelines and tools that are based on PURL only.
Minimal would mean that beyond PURL (and may be a version range for depsn) no other metadata, no license detection and no complex assembly, nor package files or package instance creation would be needed.
This could be a new --purl scan option, with a skinny output data structure to design.
I would like to have a minimal and lightweight, fast --package scan option that does not do anything more than collecting PURLs, either for actual packages that are present and for their dependencies. This would then a nice input for other pipelines and tools that are based on PURL only.
Minimal would mean that beyond PURL (and may be a version range for depsn) no other metadata, no license detection and no complex assembly, nor package files or package instance creation would be needed.
This could be a new
--purlscan option, with a skinny output data structure to design.