diff --git a/server.js b/server.js
index 84bc16ec01..5c6cd995c7 100644
--- a/server.js
+++ b/server.js
@@ -8,6 +8,7 @@
 import fs from "node:fs";
 import path from "node:path";
 import { createBom, submitBom } from "./index.js";
 import compression from "compression";
+import { URL } from "url";
 // Timeout milliseconds. Default 10 mins
 const TIMEOUT_MS =
@@ -24,10 +25,14 @@ app.use(
 app.use(compression());
 const gitClone = (repoUrl) => {
+ const parsedUrl = new URL(repoUrl);
+
+ const sanitizedRepoUrl = `${parsedUrl.protocol}//${parsedUrl.host}${parsedUrl.pathname}`;
+
 const tempDir = fs.mkdtempSync(
- path.join(os.tmpdir(), path.basename(repoUrl))
+ path.join(os.tmpdir(), path.basename(parsedUrl.pathname))
 );
- console.log("Cloning", repoUrl, "to", tempDir);
+ console.log("Cloning", sanitizedRepoUrl, "to", tempDir);
 const result = spawnSync("git", ["clone", repoUrl, "--depth", "1", tempDir], {
 encoding: "utf-8",
 shell: false
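Review bot: `new URL(repoUrl)` on the first added line of the gitClone hunk throws a TypeError for any value that is not an absolute URL (an scp-style `git@host:org/repo.git` or a plain path), and nothing in the hunk catches it, so such inputs now fail before the clone rather than inside spawnSync; either wrap it as `let parsedUrl; try { parsedUrl = new URL(repoUrl); } catch (err) { throw new Error("invalid repository URL", { cause: err }); }` or document that gitClone accepts absolute URLs only. Since the URL is now parsed anyway, the scheme is still passed to `git clone` unchecked; a check such as `if (!["http:", "https:", "git:", "ssh:"].includes(parsedUrl.protocol)) throw new Error("unsupported repository URL scheme");` would let the server reject unexpected transports up front, assuming repoUrl comes from request input as the surrounding code suggests. The new `import { URL } from "url"` is redundant because `URL` is a Node global, and if it is kept it should use the `node:url` form the neighbouring imports use. gitClone's body continues past the end of the hunk.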