owasp-dep-scan / dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
https://owasp.org/www-project-dep-scan/
MIT License

depscan was reporting redis:redis for pypi:redis #302

Closed. prabhu closed this 1 month ago

prabhu commented 1 month ago

numpy:numpy must be reported for pypi:numpy. However, redis:redis must not be reported for pypi:redis even though it has a CPE similar to numpy's.

This is fixed by adding numpy to package_alias and filtering vendor == name for non-nuget ecosystems.

Possible regression of #113. After #113, we actually lost numpy:numpy and selenium:selenium.
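A small reimplementation of the filtering rule described in this issue, added here as an illustration; it is not dep-scan's own matching code. The package_alias table and the candidate CPE pairs are constructed samples, and listing selenium in the alias table is an assumption drawn from the last sentence above.

```python
"""Illustrative vendor == product filter for CPE matches (not dep-scan's code).

Rule from the issue: for ecosystems other than nuget, a CPE whose vendor equals
its product (redis:redis for pypi:redis) is treated as a false positive unless
the package is explicitly allow-listed in package_alias (numpy:numpy).
"""

# Constructed sample of package_alias: purl type -> package name -> (vendor, product)
# whose vendor == product form is a genuine match. numpy comes from the issue;
# selenium is an assumption based on "we actually lost ... selenium:selenium".
PACKAGE_ALIAS = {
    "pypi": {
        "numpy": ("numpy", "numpy"),
        "selenium": ("selenium", "selenium"),
    },
}


def filter_cpe_matches(purl_type, name, candidates):
    """Return the (vendor, product) pairs that should be reported.

    candidates are CPE pairs already matched on product name for the package
    pkg:<purl_type>/<name>; this function only applies the vendor == product rule.
    """
    kept = []
    for vendor, product in candidates:
        if vendor == product and purl_type != "nuget":
            # Same-name vendor/product: keep only if explicitly allow-listed.
            if PACKAGE_ALIAS.get(purl_type, {}).get(name) != (vendor, product):
                continue
        kept.append((vendor, product))
    return kept


if __name__ == "__main__":
    # Constructed candidate lists; "acme" is a placeholder vendor, not a real CPE.
    print(filter_cpe_matches("pypi", "redis", [("redis", "redis"), ("acme", "redis")]))
    print(filter_cpe_matches("pypi", "numpy", [("numpy", "numpy")]))
    print(filter_cpe_matches("nuget", "foo", [("foo", "foo")]))
```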