Invalid purls when scanning Rust(cargo) repository

[kennylam91]

Hi guys, When I scan a Rust(cargo) repository (e.g https://github.com/rust-lang/rustlings), the sbom file result contains these purls:

pkg:cargo//[email protected]#
pkg:cargo//[email protected]#
pkg:cargo//[email protected]#
pkg:cargo//[email protected]#
pkg:cargo//[email protected]#

As per purl-specification, these purls seem not to be valid with // And when extracting them, the name info would include a slash (e.g /ryu instead of ryu)

[annaowens]

Adding @FernandoRojo to help on this issue.