On Demand Webinar

How to Make SBOMs Actionable with PURLs

Stop Guessing Your Software Dependencies

Software bills of materials (SBOMs) are supposed to make software components easier to track, but many teams run into the same problem: the same package can show up under different names depending on the tool, ecosystem, or SBOM format. That makes it hard to match vulnerabilities, confirm ownership, and prioritize fixes.

In this developer-focused webinar, ReversingLabs' Kadi McKean hosts Steve Springett, Chair of the CycloneDX SBOM Standard, and AboutCode's Philippe Ombredanne, creator of Package URLs (PURLs), to break down how PURLs help solve that problem by giving packages a consistent identifier — like an exact address instead of a rough location.

The webinar is designed for development and application security teams who want supply chain security data that is easier to trust, use, and act on. It will cover recent PURL developments, how they’re being used in standards like SPDX and CycloneDX, and practical ways teams can use PURLs.

Key takeaways include:

  • How PURLs give packages an exact address so SBOMs are easier to compare across tools and formats
  • Practical ways to improve vulnerability matching, triage, and remediation using PURLs
  • How PURLs support more reliable SBOM validation and compliance workflows

ReversingLabs' Dave Ferguson shares insights on how PURLs make SBOMs more actionable in a recent blog post.

Meet the Speakers

Steve Springett - OWASP
Philippe Ombredanne - Lead Maintainer, AboutCode