rhalar

This would be a Good Addition, I believe. The first option seems cleaner at first (`source artifact` as a name perhaps?) but note that currently purls are defined per package;...

Hi! I work for ReversingLabs and have been responsible for our OSSF integration. So, to clarify our process; we track multiple sources for malware activity on a number of repositories,...

>I can try creating the PRs myself and discuss OSSF's guidelines. Would you be able to update your database based on that? OSSF entries are additive, so changes you make...

@calebbrown We're preparing a new push to the bucket, and this is blocking us a wee bit. We'd like to withdraw these on our end, which shouldn't be too much...