anchore / grype

A vulnerability scanner for container images and filesystems
Apache License 2.0

feat: pass thru the cpe source if available #1946

Open zhill opened 2 weeks ago

zhill commented 2 weeks ago

For CPE-based matches, display the detail about the CPE used to match.

This includes the "source" indicating if the CPE was Syft-generated, or a lookup from the cpe-dictionary.
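As an added example, not grype's or Syft's own code, a Go sketch of a match-detail record that carries the CPE used to match together with its source, plus a CPE 2.3 splitter that respects escaped colons so the vendor/product/version shown to a reviewer are the right components; the type, field names and the "cpe source" output format are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// CPEMatchDetail is a constructed stand-in (not grype's type) for a match
// detail carrying the matching CPE and its source ("syft-generated" or
// "cpe-dictionary", the two origins the PR distinguishes).
type CPEMatchDetail struct {
	VulnID string
	CPE    string
	Source string
}

// splitCPE23 splits a CPE 2.3 formatted string on unescaped colons, so an
// escaped value such as `1.0\:beta` stays a single component.
func splitCPE23(s string) []string {
	var parts []string
	var cur strings.Builder
	escaped := false
	for _, r := range s {
		if r == ':' && !escaped {
			parts = append(parts, cur.String())
			cur.Reset()
			continue
		}
		cur.WriteRune(r)
		escaped = r == '\\' && !escaped
	}
	return append(parts, cur.String())
}

// VendorProductVersion returns the three fields a reviewer usually wants;
// anything other than the 13-component 2.3 form is rejected.
func VendorProductVersion(cpe string) (vendor, product, version string, err error) {
	p := splitCPE23(cpe)
	if len(p) != 13 || p[0] != "cpe" || p[1] != "2.3" {
		return "", "", "", fmt.Errorf("not a CPE 2.3 formatted string: %q", cpe)
	}
	return p[3], p[4], p[5], nil
}

// Describe renders one match detail with the CPE and its source (assumed format).
func Describe(d CPEMatchDetail) (string, error) {
	v, p, ver, err := VendorProductVersion(d.CPE)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%s matched via CPE %s/%s %s (cpe source: %s)", d.VulnID, v, p, ver, d.Source), nil
}
```

Showing the source lets a reviewer weigh a Syft-generated CPE (a heuristic derived from package metadata) differently from a dictionary lookup when deciding whether a CPE-based match is a false positive.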

zhill commented 2 weeks ago

Opened this for comments, will fix tests etc. once there is a 👍 on this as something to do. Understood that Grype is reducing reliance on CPEs, but some folks still use/need it and want to understand the matches better when they do appear.