License and Security compliance super-charged with PackageURL
PackageURL (purl), the leading package identifier, now adopted by all major SBOM standards, code scanners and large organizations, was started in ScanCode to identify a package uniquely, to look up licensing and vulnerability data about that package in other databases, and to communicate about the packages in use through SBOMs.
AboutCode not only maintains the PackageURL and VERS (version range) specifications, tooling and standardization efforts; it also provides a suite of FOSS tools, open and federated data, and public instances to:
- Validate PackageURLs and check that the package exists
- Get origin data and download source or binary archives from PackageURLs
- Get license data for PackageURLs by collecting metadata and scanning source and binaries
- Get known vulnerabilities with exploitability and severity data
- Detect packages and PackageURLs in source code, binaries, containers and other artifacts
- Work with ecosystems and FOSS foundations to improve data about packages and vulnerabilities
- Import, validate and enrich SBOMs with license and vulnerability data
- Provide purl accuracy benchmarks for comparing code scanning tools, to identify ecosystem support and gaps
A short presentation of the AboutCode stack can show these capabilities.