❯ curl -sS -G --data-urlencode "purl=pkg:npm/[email protected]" 'https://packages.ecosyste.ms/api/v1/packages/lookup' \
| jq -r '.[].repo_metadata.owner_record.website'
JavaScript Testing utilities for React
and it ends up in supplier's url section:
❯ parlay ecosystems enrich sbom.json > sbom-enriched.json ()
~
❯ cat sbom-enriched.json| grep -C10 'JavaScript Testing utilities for React' ()
{
"name": "ecosystems:topic",
"value": "javascript"
}
]
},
{
"bom-ref": "pkg:npm/[email protected]",
"type": "library",
"supplier": {
"name": "enzyme - JavaScript Testing utilities for React",
"url": [
"JavaScript Testing utilities for React"
]
},

Trying to upload enriched SBOM to Dependency-Track fails with the following error:
{
"status": 400,
"title": "The uploaded BOM is invalid",
"detail": "Schema validation failed",
"errors": [
"$.components[1233].supplier.url[0]: does not match the iri-reference pattern must be a valid RFC 3987 IRI-reference",
"$.components[1234].supplier.url[0]: does not match the iri-reference pattern must be a valid RFC 3987 IRI-reference",
"$.components[1888].supplier.url[0]: does not match the iri-reference pattern must be a valid RFC 3987 IRI-reference"
]
}

Using the latest parlay, which includes fixes for both #84 and #96:
❯ parlay --version ()
0.7.0
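
A pre-upload check for the failure reported above, as an added example (not part of the original issue and not parlay's code): it lists `supplier.url` entries that are not absolute http(s) URLs, using the same JSON paths as the Dependency-Track errors, and can drop them. The acceptance rule is an assumption and is stricter than the RFC 3987 IRI-reference format the schema asks for; the function names and the sample BOM are constructed, and only the free-text URL value comes from the issue.

```python
import json
from urllib.parse import urlsplit

# Characters that may not appear unescaped in an IRI-reference (space included).
FORBIDDEN = set(' <>"{}|\\^`')

def is_acceptable_url(value):
    """Assumed policy (stricter than the schema): absolute http(s) URL with a host."""
    if not isinstance(value, str):
        return False
    if any(c in FORBIDDEN or ord(c) < 0x21 or ord(c) == 0x7F for c in value):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def find_bad_supplier_urls(bom):
    """Return (JSON path, value) pairs for every rejected supplier.url entry."""
    bad = []
    for i, comp in enumerate(bom.get("components", [])):
        urls = (comp.get("supplier") or {}).get("url") or []
        for j, url in enumerate(urls):
            if not is_acceptable_url(url):
                bad.append((f"$.components[{i}].supplier.url[{j}]", url))
    return bad

def drop_bad_supplier_urls(bom):
    """Remove rejected entries in place; delete the url key when none remain."""
    for comp in bom.get("components", []):
        supplier = comp.get("supplier")
        if not isinstance(supplier, dict) or "url" not in supplier:
            continue
        kept = [u for u in (supplier["url"] or []) if is_acceptable_url(u)]
        if kept:
            supplier["url"] = kept
        else:
            del supplier["url"]
    return bom

# Constructed sample BOM; component names and the valid URL are placeholders.
SAMPLE = {"components": [
    {"name": "example-a", "supplier": {"name": "Example", "url": ["https://example.com/"]}},
    {"name": "example-b", "supplier": {"name": "example-b - JavaScript Testing utilities for React",
                                       "url": ["JavaScript Testing utilities for React"]}},
    {"name": "example-c"},
]}

if __name__ == "__main__":
    print(json.dumps(find_bad_supplier_urls(SAMPLE), indent=2))
```

To check a real file, load it with `json.load` and pass the result to `find_bad_supplier_urls` before uploading.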