From 45bf8b14ab1b74ca7db2444bf6633269bfce6d4e Mon Sep 17 00:00:00 2001
From: Rez Moss <hi@rezmoss.com>
Date: Tue, 28 Oct 2025 18:34:10 -0400
Subject: [PATCH] fix: omit records with empty PURL in GitHub format (#4312)

Signed-off-by: Rez Moss <hi@rezmoss.com>
---
 syft/format/github/internal/model/model.go                 | 3 +++
 .../snapshot/TestGithubDirectoryEncoder.golden             | 5 -----
 .../test-fixtures/snapshot/TestGithubImageEncoder.golden   | 7 -------
 3 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/syft/format/github/internal/model/model.go b/syft/format/github/internal/model/model.go
index 7d67e8763..69d2b9876 100644
--- a/syft/format/github/internal/model/model.go
+++ b/syft/format/github/internal/model/model.go
@@ -87,6 +87,9 @@ func toGithubManifests(s *sbom.SBOM) Manifests {
 		}
 
 		name := dependencyName(p)
+		if name == "" || p.PURL == "" {
+			continue
+		}
 		manifest.Resolved[name] = DependencyNode{
 			PackageURL:   p.PURL,
 			Metadata:     toDependencyMetadata(p),
diff --git a/syft/format/github/test-fixtures/snapshot/TestGithubDirectoryEncoder.golden b/syft/format/github/test-fixtures/snapshot/TestGithubDirectoryEncoder.golden
index 10cde9982..c428bd1e2 100644
--- a/syft/format/github/test-fixtures/snapshot/TestGithubDirectoryEncoder.golden
+++ b/syft/format/github/test-fixtures/snapshot/TestGithubDirectoryEncoder.golden
@@ -16,11 +16,6 @@
         "source_location": "redacted/some/path/some/path/pkg1"
       },
       "resolved": {
-        "": {
-          "package_url": "a-purl-2",
-          "relationship": "direct",
-          "scope": "runtime"
-        },
         "pkg:deb/debian/package-2@2.0.1": {
           "package_url": "pkg:deb/debian/package-2@2.0.1",
           "relationship": "direct",
diff --git a/syft/format/github/test-fixtures/snapshot/TestGithubImageEncoder.golden b/syft/format/github/test-fixtures/snapshot/TestGithubImageEncoder.golden
index 45adf2b07..933cde693 100644
--- a/syft/format/github/test-fixtures/snapshot/TestGithubImageEncoder.golden
+++ b/syft/format/github/test-fixtures/snapshot/TestGithubImageEncoder.golden
@@ -17,13 +17,6 @@
       },
       "metadata": {
         "syft:filesystem":"redacted"
-      },
-      "resolved": {
-        "": {
-          "package_url": "a-purl-1",
-          "relationship": "direct",
-          "scope": "runtime"
-        }
       }
     },
     "user-image-input:/somefile-2.txt": {