From 15e45a8ce11849db464bf96f6fa6ac2790175495 Mon Sep 17 00:00:00 2001
From: Weston Steimel <weston.steimel@anchore.com>
Date: Mon, 11 Apr 2022 13:38:52 +0000
Subject: [PATCH] add additional vendors for springframework (#945)

The Official CPE dictionary currently contains entries for springframework with three different vendors: springsource, vmware, and pivotal_software.  This appears to be because ownership has changed over time.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
---
 syft/pkg/cataloger/common/cpe/candidate_by_package_type.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
index 06fdc2916..d177827d6 100644
--- a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
+++ b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
@@ -19,12 +19,12 @@ var defaultCandidateAdditions = buildCandidateLookup(
 		{
 			pkg.JavaPkg,
 			candidateKey{PkgName: "springframework"},
-			candidateAddition{AdditionalProducts: []string{"spring_framework", "springsource_spring_framework"}},
+			candidateAddition{AdditionalProducts: []string{"spring_framework", "springsource_spring_framework"}, AdditionalVendors: []string{"pivotal_software", "springsource", "vmware"}},
 		},
 		{
 			pkg.JavaPkg,
 			candidateKey{PkgName: "spring-core"},
-			candidateAddition{AdditionalProducts: []string{"spring_framework", "springsource_spring_framework"}},
+			candidateAddition{AdditionalProducts: []string{"spring_framework", "springsource_spring_framework"}, AdditionalVendors: []string{"pivotal_software", "springsource", "vmware"}},
 		},
 		{
 			// example image: docker.io/nuxeo:latest