in RedHatSBomGenerator.java, the method to get component purl is by parsing cmd output from yumdownloader --urls "softwarename", which returns http url to download the rpm, but that's not purl.
purl definition is here: https://github.com/package-url/purl-spec
Furthermore, yumdownloader --urls seems to return availabe package download url rather than installed package download url, so it's not accurate.
in
RedHatSBomGenerator.java, the method to get component purl is by parsing cmd output fromyumdownloader --urls "softwarename", which returns http url to download the rpm, but that's not purl.purl definition is here: https://github.com/package-url/purl-spec
Furthermore,
yumdownloader --urlsseems to return availabe package download url rather than installed package download url, so it's not accurate.