Hello there!
Seems like that purls are missing from Sarif reports of grype.
I attempted adding those in the Sarif report. In order to do that I had to copy the deriveBomRef function that is being used in CycloneDx as well.
I tried making deriveBomRef a member function of Package type in order to avoid duplication but I couldn't build the project locally.
Hello there! Seems like that
purlsare missing from Sarif reports ofgrype. I attempted adding those in the Sarif report. In order to do that I had to copy thederiveBomReffunction that is being used in CycloneDx as well. I tried makingderiveBomRefa member function ofPackagetype in order to avoid duplication but I couldn't build the project locally.Thanks, George