As discussed on discourse, grype should not be searching for packages that are missing version information as these will always yield incorrect results.
Additionally while working on this it was found that searched CPE versions were not always being raised accurately (when being overridden) -- this PR additionally fixes this behavior.
As discussed on discourse, grype should not be searching for packages that are missing version information as these will always yield incorrect results.
Additionally while working on this it was found that searched CPE versions were not always being raised accurately (when being overridden) -- this PR additionally fixes this behavior.