diff --git a/pkg/inventory/source/source.go b/pkg/inventory/source/source.go
index 874973109d1ea5dae8b746927d184f80cd477501..44d8db0c578095e1d9a5f7450b76d592b4f92d03 100644
--- a/pkg/inventory/source/source.go
+++ b/pkg/inventory/source/source.go
@@ -11,6 +11,7 @@
 package source
 
 import (
+	"net/url"
 	"path/filepath"
 	"time"
 
@@ -62,7 +63,7 @@ func repoInfo(projectPath string, source *model.Source) {
 		conf, err := repo.Config()
 		if err == nil {
 			if remote, ok := conf.Remotes["origin"]; ok {
-				source.Repository = remote.URLs[0]
+				source.Repository = normalizeHttpUrl(remote.URLs[0])
 			}
 		}
 		ref, err := repo.Head()
@@ -76,3 +77,15 @@ func repoInfo(projectPath string, source *model.Source) {
 		}
 	}
 }
+
+func normalizeHttpUrl(rawUrl string) string {
+	if rawUrl == "" {
+		return ""
+	}
+	parsedUrl, err := url.Parse(rawUrl)
+	if err != nil {
+		return ""
+	}
+	parsedUrl.User = nil
+	return parsedUrl.String()
+}
diff --git a/pkg/inventory/source/source_test.go b/pkg/inventory/source/source_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..0d6c9253be34a83d03bf411b7422f442d9b40d31
--- /dev/null
+++ b/pkg/inventory/source/source_test.go
@@ -0,0 +1,36 @@
+package source
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestRepoUrl(t *testing.T) {
+
+}
+func TestNormalizeRepoUrl(t *testing.T) {
+
+	tests := []struct {
+		name   string
+		input  string
+		expect string
+	}{
+		{
+			name:   "normal",
+			input:  "https://gitee.com/JD-opensource/sbom-tool.git",
+			expect: "https://gitee.com/JD-opensource/sbom-tool.git",
+		},
+		{
+			name:   "with-user",
+			input:  "https://user:pswd@gitee.com/JD-opensource/sbom-tool.git",
+			expect: "https://gitee.com/JD-opensource/sbom-tool.git",
+		},
+	}
+
+	for i := 0; i < len(tests); i++ {
+		test := tests[i]
+		t.Run(test.name, func(tt *testing.T) {
+			assert.Equal(t, test.expect, normalizeHttpUrl(test.input))
+		})
+	}
+}