aboutcode-org · omsuneri · Oct 11, 2025
diff --git a/scanpipe/api/views.py b/scanpipe/api/views.py
@@ -373,6 +373,8 @@ def add_input(self, request, *args, **kwargs):
         for url in input_urls:
             project.add_input_source(download_url=url)
 
+        project.auto_populate_purl_if_single_package_url()
+
         return Response({"status": "Input(s) added."}, status=status.HTTP_201_CREATED)
 
     @action(

diff --git a/scanpipe/forms.py b/scanpipe/forms.py
@@ -124,6 +124,8 @@ def handle_inputs(self, project):
         for url in input_urls:
             project.add_input_source(download_url=url)
 
+        project.auto_populate_purl_if_single_package_url()
+
 
 class CheckboxChoiceField(forms.MultipleChoiceField):
     widget = forms.CheckboxSelectMultiple

diff --git a/scanpipe/management/commands/__init__.py b/scanpipe/management/commands/__init__.py
@@ -357,6 +357,8 @@ def handle_input_urls(project, input_urls, command=None):
     for url in input_urls:
         project.add_input_source(download_url=url)
 
+    project.auto_populate_purl_if_single_package_url()
+
     if input_urls and command and command.verbosity > 0:
         msg = "URL(s) added as project input sources:"
         command.stdout.write(msg, command.style.SUCCESS)

diff --git a/scanpipe/models.py b/scanpipe/models.py
@@ -1222,14 +1222,50 @@ def add_input_source(self, download_url="", filename="", is_uploaded=False, tag=
             if not tag and parsed_url.fragment:
                 tag = parsed_url.fragment[:50]
 
-        return InputSource.objects.create(
+        input_source = InputSource.objects.create(
             project=self,
             download_url=download_url,
             filename=filename,
             is_uploaded=is_uploaded,
             tag=tag,
         )
 
+        self._auto_populate_purl_from_inputs()
+
+        return input_source
+
+    def _auto_populate_purl_from_inputs(self):
+        """
+        Auto-populate the project's PURL field if the project has a single input
+        that is a valid package URL and the PURL field is currently empty.
+        """
+        if self.purl:
+            return
+
+        input_sources = self.inputsources.all()
+
+        if input_sources.count() != 1:
+            return
+
+        input_source = input_sources.first()
+        download_url = input_source.download_url
+
+        if download_url and download_url.startswith('pkg:'):
+            try:
+                PackageURL.from_string(download_url)
+                self.purl = download_url
+                self.save(update_fields=['purl'])
+            except ValueError:
+                # Ignore
+                pass
+
+    def auto_populate_purl_if_single_package_url(self):
+        """
+        Public method to auto-populate PURL field if project has a single package URL input.
+        This can be called after all inputs have been added to a project.
+        """
+        self._auto_populate_purl_from_inputs()
+
     def add_downloads(self, downloads):
         """
         Move the given `downloads` to the current project's input/ directory and