From 3f0721ff6ed00679e7a36e7c3bfe8c7d7bcec3e4 Mon Sep 17 00:00:00 2001
From: afdesk
Date: Tue, 23 May 2023 15:35:52 +0600
Subject: [PATCH] fix(cyclonedx): set original names for packages (#4306)

---
 pkg/sbom/cyclonedx/unmarshal.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/sbom/cyclonedx/unmarshal.go b/pkg/sbom/cyclonedx/unmarshal.go
index 9c643deafcfd..412c73333d0c 100644
--- a/pkg/sbom/cyclonedx/unmarshal.go
+++ b/pkg/sbom/cyclonedx/unmarshal.go
@@ -341,6 +341,9 @@ func toPackage(component cdx.Component) (bool, string, *ftypes.Package, error) {
 	}
 
 	pkg := p.Package()
+	// Trivy's marshall loses case-sensitivity in PURL used in SBOM for packages (Go, Npm, PyPI),
+	// so we have to use an original package name
+	pkg.Name = component.Name
 	pkg.Ref = component.BOMRef
 
 	for _, license := range lo.FromPtr(component.Licenses) {
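Review bot: The new `pkg.Name = component.Name` overwrites the PURL-derived name unconditionally, so a component with an empty or absent name (the SBOM is external input, and not every producer is Trivy) silently clobbers the name that `p.Package()` already recovered from the PURL, and downstream vulnerability matching is then keyed on an empty or mismatched name. At minimum guard the assignment, `if component.Name != "" { pkg.Name = component.Name }`, so the PURL name remains the fallback. The comment limits the motivation to Go, npm and PyPI, but the override applies to every ecosystem; it is worth stating in the comment whether name and PURL are expected to agree for the others, or restricting the override to the types that actually need it. Note that toPackage starts and ends outside this hunk, so any earlier validation of component.Name is not visible here.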