Tuesday, March 17 @ 11am-12pm ET

Stop Guessing Your Dependencies

How to Make SBOMs Actionable With PURLs

SBOMs are supposed to make software components easier to track, but many teams run into the same problem: the same package can show up under different names depending on the tool, ecosystem, or SBOM format. That makes it hard to match vulnerabilities, confirm ownership, and prioritize fixes.

In this developer-focused webinar, we’ll break down how Package URLs (PURLs) help solve that problem by giving packages a consistent identifier—like an exact address instead of a rough location. We’ll cover recent PURL developments, how they’re being used in standards like SPDX and CycloneDX, and practical ways teams can use PURLs to compare SBOMs, improve vulnerability triage, and simplify compliance reporting.

This session is built for developers and AppSec teams who want supply chain security data that is easier to trust, use, and act on.

Key Takeaways

  • How PURLs give packages an “exact address” so SBOMs are easier to compare across tools and formats
  • Practical ways to improve vulnerability matching, triage, and remediation using PURLs
  • How PURLs support more reliable SBOM validation and compliance workflows

Attendees will receive an attendance certificate to be used towards CPE credits.

Meet the Speakers

Steve Springett - OWASP
Philippe Ombredanne - Lead Maintainer, AboutCode