From 35278f3d3d78ee9dd708c75096fc7481f491e180 Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov <19779+xnox@users.noreply.github.com>
Date: Fri, 27 Feb 2026 19:38:05 +0000
Subject: [PATCH] fix(java): improve lz4 detection (#4642)

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
---
 syft/pkg/cataloger/internal/cpegenerate/java.go  |  6 +++++-
 .../internal/cpegenerate/java_groupid_map.go     |  4 ++++
 .../cataloger/internal/cpegenerate/java_test.go  | 16 ++++++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/syft/pkg/cataloger/internal/cpegenerate/java.go b/syft/pkg/cataloger/internal/cpegenerate/java.go
index 4099effb3..5f7129562 100644
--- a/syft/pkg/cataloger/internal/cpegenerate/java.go
+++ b/syft/pkg/cataloger/internal/cpegenerate/java.go
@@ -302,7 +302,11 @@ func GetManifestFieldGroupIDs(manifest *pkg.JavaManifest, fields []string) (grou
 }
 
 func cleanGroupID(groupID string) string {
-	return strings.TrimSpace(strings.Split(removeOSCIDirectives(groupID), "#")[0])
+	groupID = strings.TrimSpace(strings.Split(removeOSCIDirectives(groupID), "#")[0])
+	if replacement, ok := GroupIDCorrections[groupID]; ok {
+		return replacement
+	}
+	return groupID
 }
 
 func removeOSCIDirectives(groupID string) string {
diff --git a/syft/pkg/cataloger/internal/cpegenerate/java_groupid_map.go b/syft/pkg/cataloger/internal/cpegenerate/java_groupid_map.go
index a1e09b9f5..f607e8316 100644
--- a/syft/pkg/cataloger/internal/cpegenerate/java_groupid_map.go
+++ b/syft/pkg/cataloger/internal/cpegenerate/java_groupid_map.go
@@ -1,5 +1,9 @@
 package cpegenerate
 
+var GroupIDCorrections = map[string]string{
+	"org.lz4.java": "org.lz4",
+}
+
 var DefaultArtifactIDToGroupID = map[string]string{
 	"ant":                                         "org.apache.ant",
 	"ant-antlr":                                   "org.apache.ant",
diff --git a/syft/pkg/cataloger/internal/cpegenerate/java_test.go b/syft/pkg/cataloger/internal/cpegenerate/java_test.go
index 3573b8c9b..6529598c7 100644
--- a/syft/pkg/cataloger/internal/cpegenerate/java_test.go
+++ b/syft/pkg/cataloger/internal/cpegenerate/java_test.go
@@ -183,6 +183,22 @@ func Test_groupIDsFromJavaPackage(t *testing.T) {
 			},
 			expects: []string{"io.jenkins-ci.plugin.thing"},
 		},
+		{
+			name: "groupId correction properly applied",
+			pkg: pkg.Package{
+				Metadata: pkg.JavaArchive{
+					Manifest: &pkg.JavaManifest{
+						Main: pkg.KeyValues{
+							{
+								Key:   "Automatic-Module-Name",
+								Value: "org.lz4.java",
+							},
+						},
+					},
+				},
+			},
+			expects: []string{"org.lz4"},
+		},
 		{
 			name: "from main Extension-Name field",
 			pkg: pkg.Package{