From 35094947798b5227cb9a3ce9909f5210344908ad Mon Sep 17 00:00:00 2001
From: Nemo
Date: Wed, 21 Dec 2022 16:54:33 +0530
Subject: [PATCH] Document identifiers key - Closes #1917 - See #763 for plans around usage
---
 CONTRIBUTING.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 0ebd255046a..2fc111eb940 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -183,6 +183,26 @@ auto:
 # The value must always be `true`.
 - custom: true
+# A list of identifiers that can be used to detect this product as being used,
+# especially by SBOM tooling
+identifiers:
+ # Each identifier is a way of linking this product to various methods of installing it
+
+ # This is a shorthand to use repology as the source data
+ # https://repology.org/project/:package-name-/versions
+ # should return a valid list of packages linked to this product.
+ - repology: package-name
+
+ # See the PURL spec https://github.com/package-url/purl-spec
+ # for details, and avoid packages that are already mentioned on
+ # the repology page
+ # Common examples would be to use
+ # - pkg:os to document operating systems (https://github.com/package-url/purl-spec/pull/161)
+ # - pkg:github to link to github pages
+ # - pkg:golang/pypi/gem/maven/npm etc for common package managers
+ # - pkg:docker for linking to docker images on Docker Hub
+ - purl: pkg:package-manager/package-name
+
 # A list of releases, supported or not (mandatory).
 # Releases must be sort from the newest (on top of the list) to the lowest.
 # Do not add releases that are not considered "stable" (such as RC/Alpha/Beta/Nightly).