diff --git a/syft/pkg/cataloger/java/archive_parser.go b/syft/pkg/cataloger/java/archive_parser.go
index d9e746e6e67..3150351c8cc 100644
--- a/syft/pkg/cataloger/java/archive_parser.go
+++ b/syft/pkg/cataloger/java/archive_parser.go
@@ -133,12 +133,14 @@ func (j *archiveParser) parse() ([]pkg.Package, []artifact.Relationship, error)
 	// add pURLs to all packages found
 	// note: since package information may change after initial creation when parsing multiple locations within the
 	// jar, we wait until the conclusion of the parsing process before synthesizing pURLs.
-	for i, p := range pkgs {
+	for i := range pkgs {
+		p := &pkgs[i]
 		if m, ok := p.Metadata.(pkg.JavaMetadata); ok {
-			pkgs[i].PURL = packageURL(p.Name, p.Version, m)
+			p.PURL = packageURL(p.Name, p.Version, m)
 		} else {
 			log.WithFields("package", p.String()).Warn("unable to extract java metadata to generate purl")
 		}
+		p.SetID()
 	}
 
 	return pkgs, relationships, nil
diff --git a/syft/pkg/cataloger/java/archive_parser_test.go b/syft/pkg/cataloger/java/archive_parser_test.go
index c331dbbf89b..cd2affb50ce 100644
--- a/syft/pkg/cataloger/java/archive_parser_test.go
+++ b/syft/pkg/cataloger/java/archive_parser_test.go
@@ -277,6 +277,10 @@ func TestParseJar(t *testing.T) {
 			}
 
 			for _, a := range actual {
+				if a.ID() == "" {
+					t.Fatalf("empty package ID: %+v", a)
+				}
+
 				e, ok := test.expected[a.Name]
 				if !ok {
 					t.Errorf("entry not found: %s", a.Name)