First draft for PackageURL website

[mjherzog]

This first draft layout for the PackageURL website (packageurl.org) is based generally on the layout of the the CycloneDX website at: https://cyclonedx.org/ with a simplified layout and less dense content.

• In this layout there are pages for each sub-menu item, but not for the heading menu item unless it does not have sub-menu items - e.g., NEWSROOM.
• The top of each webpage should have a format similar to the home page with a simple description of the webpage content. At the start we will probably not have standard links like the CycloneDX Explore Tools and Read Guides for the webpage title section.
• The breadcrumbs for https://cyclonedx.org/capabilities/sbom/ and https://cyclonedx.org/use-cases/security/ are not needed for PackageURL to start.

NB: The specifications that are most closely related to PackageURL are:

• the SBOM specifications for CycloneDX (https://cyclonedx.org/) and SPDX (https://spdx.dev/). We expect most people visiting the PackageURL website to have some familiarity with CycloneDX and SPDX (and their websites).
• the CSAF specification for advisories and VEX (https://www.csaf.io/)
• the OpenVEX specification for VEX (https://github.com/openvex/)
• the OSV schema for vulnerability advisories (https://github.com/ossf/osv-schema)
• potentially the CVE schema for vulnerability advisories (Add packageURL field to product in affected array. CVEProject/cve-schema#409)

GETTING STARTED

• OVERVIEW: General overview of Package URL (text).
• EXAMPLES: This will provide examples of PURLs for popular software communities - e.g., maven for Java or pypi for Python - probably in text.
• USE CASES: This will cover examples of where PURLs are currently used. It would be nice to use something like the CycloneDX Use Cases layout.
• TOOLS: Layout should be similar to CycloneDX Tool Center page.

SPECIFICATION

• OVERVIEW: This page will explain
  • The 7 components of a PURL: Scheme, Type, Namespace, Name, Version, Qualifiers and Subpath (see also https://github.com/package-url/purl-spec/blob/main/PURL-SPECIFICATION.rst and
  • the schema for PURL Types.
• DOCUMENTATION: This will include information about how to build or parse a PURL, character encoding and PURL Types (generated from purl-type.schema.json) - mostly text,
• ECMA-nnn: similar to CycloneDX page, but this will be a placeholder until December 2025 pending approval of the standard.

PARTICIPATE

• CONTRIBUTE: Emulate the layout of the CycloneDX CONTRIBUTE page.
• WORKING GROUPS: Content TBD but we will probably want a layout similar to the CycloneDX WORKING GROUPS page.
• STANDARDIZATION: This will be much simpler than the CycloneDX STANDARDIZATION PROCESS page (we will show the TC54 links here).

NEWSROOM - Emulate the CycloneDX NEWSROOM layout - likely more news and blog posts than press releases.

ABOUT

• GUIDING PRINCIPLES: Emulate the CycloneDX layout
• GOVERNANCE: Mostly text - much simpler than CycloneDX
• SUPPORTERS: Emulate the CycloneDX layout with images/links but probably no subsections.

Footer

GitHub - https://github.com/package-url
Gitter - https://app.gitter.im/#/room/#package-url_Lobby:gitter.im
Slack - https://cyclonedx.slack.com/archives/C06KTE3BWEB

[mjherzog]

Closing in favor of #4