fix: omit records with empty PURL in GitHub format (#4312)

Signed-off-by: Rez Moss <hi@rezmoss.com>
2025-11-17 08:23:15 +01:00 · 2025-10-28 18:34:10 -04:00 · 2025-10-28 18:34:10 -04:00 · 45bf8b14ab
commit 45bf8b14ab
parent 9478cd974b
3 changed files with 3 additions and 12 deletions
--- a/syft/format/github/internal/model/model.go
+++ b/syft/format/github/internal/model/model.go
@ -87,6 +87,9 @@ func toGithubManifests(s *sbom.SBOM) Manifests {
 		}

 		name := dependencyName(p)
+		if name == "" || p.PURL == "" {
+			continue
+		}
 		manifest.Resolved[name] = DependencyNode{
 			PackageURL:   p.PURL,
 			Metadata:     toDependencyMetadata(p),
--- a/syft/format/github/test-fixtures/snapshot/TestGithubDirectoryEncoder.golden
+++ b/syft/format/github/test-fixtures/snapshot/TestGithubDirectoryEncoder.golden
@ -16,11 +16,6 @@
        "source_location": "redacted/some/path/some/path/pkg1"
      },
      "resolved": {
-        "": {
-          "package_url": "a-purl-2",
-          "relationship": "direct",
-          "scope": "runtime"
-        },
        "pkg:deb/debian/package-2@2.0.1": {
          "package_url": "pkg:deb/debian/package-2@2.0.1",
          "relationship": "direct",
--- a/syft/format/github/test-fixtures/snapshot/TestGithubImageEncoder.golden
+++ b/syft/format/github/test-fixtures/snapshot/TestGithubImageEncoder.golden
@ -17,13 +17,6 @@
      },
      "metadata": {
        "syft:filesystem":"redacted"
-      },
-      "resolved": {
-        "": {
-          "package_url": "a-purl-1",
-          "relationship": "direct",
-          "scope": "runtime"
-        }
      }
    },
    "user-image-input:/somefile-2.txt": {