anchore / syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Apache License 2.0

Generate a Maven friendly CPE #3042

Closed joshbressers closed 1 month ago

joshbressers commented 1 month ago

Due to the recent events around NVD, we are able to create CPE entries in the Grype database that look like something easier to match on.

It would be helpful if, when Syft generates CPEs for a Maven artifact, we include the groupId and artifactId in one of the generated CPEs; this will allow for more accurate matching from Grype.

A recent example that came up would look like this:

cpe:2.3:a:com.google.api.grpc:grpc-google-cloud-bigquerystorage-v1beta1:0.168.0:*:*:*:*:*:*:*
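The shape of the CPE requested above, as an added example rather than Syft's own code: a small Go function that binds Maven coordinates into a CPE 2.3 formatted string (groupId as vendor, artifactId as product, version as version, remaining fields ANY) and escapes characters that would otherwise break the colon-delimited layout. The `MavenCoordinates` type and function names are assumptions for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// MavenCoordinates holds the identifiers read from a pom.xml or a JAR's
// pom.properties. The type name is assumed for this example.
type MavenCoordinates struct {
	GroupID    string
	ArtifactID string
	Version    string
}

// escapeCPEComponent quotes characters that are special in a CPE 2.3
// formatted string. Letters, digits, '.', '-' and '_' are written as-is;
// every other character is prefixed with a backslash, so a value holding
// ':' or '*' cannot shift fields or act as a wildcard.
func escapeCPEComponent(s string) string {
	var b strings.Builder
	for _, r := range s {
		switch {
		case r >= 'a' && r <= 'z', r >= 'A' && r <= 'Z', r >= '0' && r <= '9',
			r == '.', r == '-', r == '_':
			b.WriteRune(r)
		default:
			b.WriteRune('\\')
			b.WriteRune(r)
		}
	}
	return b.String()
}

// MavenCPE builds "cpe:2.3:a:<groupId>:<artifactId>:<version>:*:*:*:*:*:*:*".
// An empty version becomes the ANY wildcard instead of an empty field.
func MavenCPE(c MavenCoordinates) string {
	version := "*"
	if c.Version != "" {
		version = escapeCPEComponent(c.Version)
	}
	return fmt.Sprintf("cpe:2.3:a:%s:%s:%s:*:*:*:*:*:*:*",
		escapeCPEComponent(c.GroupID), escapeCPEComponent(c.ArtifactID), version)
}

func main() {
	// Constructed input matching the coordinates quoted in the issue.
	fmt.Println(MavenCPE(MavenCoordinates{
		GroupID:    "com.google.api.grpc",
		ArtifactID: "grpc-google-cloud-bigquerystorage-v1beta1",
		Version:    "0.168.0",
	}))
}
```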