From 56761cee6f01f8036e8e33b6ee359dc6761b4a5b Mon Sep 17 00:00:00 2001
From: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Date: Thu, 13 Nov 2025 00:44:19 -0500
Subject: [PATCH] fix: raise model version on package

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---
 schema/json/schema-16.0.43.json           |  4 ----
 schema/json/schema-latest.json            |  4 ----
 syft/pkg/cataloger/ai/cataloger_test.go   |  7 -------
 syft/pkg/cataloger/ai/package.go          |  4 ++--
 syft/pkg/cataloger/ai/package_test.go     | 17 +++++++++--------
 syft/pkg/cataloger/ai/parse_gguf_model.go |  5 ++++-
 syft/pkg/gguf.go                          |  3 ---
 7 files changed, 15 insertions(+), 29 deletions(-)

diff --git a/schema/json/schema-16.0.43.json b/schema/json/schema-16.0.43.json
index d9fe1b75a..bea527bf1 100644
--- a/schema/json/schema-16.0.43.json
+++ b/schema/json/schema-16.0.43.json
@@ -1443,10 +1443,6 @@
           "type": "string",
           "description": "ModelName is the name of the model (from general.name or filename)"
         },
-        "modelVersion": {
-          "type": "string",
-          "description": "ModelVersion is the version of the model (if available in header, else \"unknown\")"
-        },
         "fileSize": {
           "type": "integer",
           "description": "FileSize is the size of the GGUF file in bytes (best-effort if available from resolver)"
diff --git a/schema/json/schema-latest.json b/schema/json/schema-latest.json
index d9fe1b75a..bea527bf1 100644
--- a/schema/json/schema-latest.json
+++ b/schema/json/schema-latest.json
@@ -1443,10 +1443,6 @@
           "type": "string",
           "description": "ModelName is the name of the model (from general.name or filename)"
         },
-        "modelVersion": {
-          "type": "string",
-          "description": "ModelVersion is the version of the model (if available in header, else \"unknown\")"
-        },
         "fileSize": {
           "type": "integer",
           "description": "FileSize is the size of the GGUF file in bytes (best-effort if available from resolver)"
diff --git a/syft/pkg/cataloger/ai/cataloger_test.go b/syft/pkg/cataloger/ai/cataloger_test.go
index 80b270fa9..26cfa16d2 100644
--- a/syft/pkg/cataloger/ai/cataloger_test.go
+++ b/syft/pkg/cataloger/ai/cataloger_test.go
@@ -6,7 +6,6 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp/cmpopts"
-	"github.com/stretchr/testify/assert"
 
 	"github.com/anchore/syft/syft/artifact"
 	"github.com/anchore/syft/syft/pkg"
@@ -73,7 +72,6 @@ func TestGGUFCataloger_Integration(t *testing.T) {
 					),
 					Metadata: pkg.GGUFFileHeader{
 						ModelName:    "llama3-8b",
-						ModelVersion: "3.0",
 						License:      "Apache-2.0",
 						Architecture: "llama",
 						Quantization: "Unknown",
@@ -107,8 +105,3 @@ func TestGGUFCataloger_Integration(t *testing.T) {
 		})
 	}
 }
-
-func TestGGUFCataloger_Name(t *testing.T) {
-	cataloger := NewGGUFCataloger()
-	assert.Equal(t, "gguf-cataloger", cataloger.Name())
-}
diff --git a/syft/pkg/cataloger/ai/package.go b/syft/pkg/cataloger/ai/package.go
index 0200df08a..b8c3b59d4 100644
--- a/syft/pkg/cataloger/ai/package.go
+++ b/syft/pkg/cataloger/ai/package.go
@@ -5,10 +5,10 @@ import (
 	"github.com/anchore/syft/syft/pkg"
 )
 
-func newGGUFPackage(metadata *pkg.GGUFFileHeader, locations ...file.Location) pkg.Package {
+func newGGUFPackage(metadata *pkg.GGUFFileHeader, version string, locations ...file.Location) pkg.Package {
 	p := pkg.Package{
 		Name:      metadata.ModelName,
-		Version:   metadata.ModelVersion,
+		Version:   version,
 		Locations: file.NewLocationSet(locations...),
 		Type:      pkg.ModelPkg,
 		Licenses:  pkg.NewLicenseSet(),
diff --git a/syft/pkg/cataloger/ai/package_test.go b/syft/pkg/cataloger/ai/package_test.go
index b5918431e..ef6ff21f8 100644
--- a/syft/pkg/cataloger/ai/package_test.go
+++ b/syft/pkg/cataloger/ai/package_test.go
@@ -15,14 +15,15 @@ func TestNewGGUFPackage(t *testing.T) {
 	tests := []struct {
 		name      string
 		metadata  *pkg.GGUFFileHeader
+		version   string
 		locations []file.Location
 		checkFunc func(t *testing.T, p pkg.Package)
 	}{
 		{
-			name: "complete GGUF package with all fields",
+			name:    "complete GGUF package with all fields",
+			version: "3.0",
 			metadata: &pkg.GGUFFileHeader{
 				ModelName:    "llama3-8b-instruct",
-				ModelVersion: "3.0",
 				License:      "Apache-2.0",
 				Architecture: "llama",
 				Quantization: "Q4_K_M",
@@ -51,10 +52,10 @@ func TestNewGGUFPackage(t *testing.T) {
 			},
 		},
 		{
-			name: "minimal GGUF package",
+			name:    "minimal GGUF package",
+			version: "1.0",
 			metadata: &pkg.GGUFFileHeader{
 				ModelName:    "simple-model",
-				ModelVersion: "1.0",
 				Architecture: "gpt2",
 				GGUFVersion:  3,
 				TensorCount:  50,
@@ -75,10 +76,10 @@ func TestNewGGUFPackage(t *testing.T) {
 			},
 		},
 		{
-			name: "GGUF package with multiple locations",
+			name:    "GGUF package with multiple locations",
+			version: "1.5",
 			metadata: &pkg.GGUFFileHeader{
 				ModelName:    "multi-location-model",
-				ModelVersion: "1.5",
 				Architecture: "llama",
 				GGUFVersion:  3,
 				TensorCount:  150,
@@ -95,12 +96,12 @@ func TestNewGGUFPackage(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			p := newGGUFPackage(tt.metadata, tt.locations...)
+			p := newGGUFPackage(tt.metadata, tt.version, tt.locations...)
 
 			if d := cmp.Diff(tt.metadata.ModelName, p.Name); d != "" {
 				t.Errorf("Name mismatch (-want +got):\n%s", d)
 			}
-			if d := cmp.Diff(tt.metadata.ModelVersion, p.Version); d != "" {
+			if d := cmp.Diff(tt.version, p.Version); d != "" {
 				t.Errorf("Version mismatch (-want +got):\n%s", d)
 			}
 			if d := cmp.Diff(pkg.ModelPkg, p.Type); d != "" {
diff --git a/syft/pkg/cataloger/ai/parse_gguf_model.go b/syft/pkg/cataloger/ai/parse_gguf_model.go
index 3d449e76d..e79fef834 100644
--- a/syft/pkg/cataloger/ai/parse_gguf_model.go
+++ b/syft/pkg/cataloger/ai/parse_gguf_model.go
@@ -62,10 +62,12 @@ func parseGGUFModel(_ context.Context, _ file.Resolver, _ *generic.Environment,
 	// Extract metadata
 	metadata := ggufFile.Metadata()
 
+	// Extract version separately (will be set on Package.Version)
+	modelVersion := extractVersion(ggufFile.Header.MetadataKV)
+
 	// Convert to syft metadata structure
 	syftMetadata := &pkg.GGUFFileHeader{
 		ModelName:    metadata.Name,
-		ModelVersion: extractVersion(ggufFile.Header.MetadataKV),
 		License:      metadata.License,
 		Architecture: metadata.Architecture,
 		Quantization: metadata.FileTypeDescriptor,
@@ -84,6 +86,7 @@ func parseGGUFModel(_ context.Context, _ file.Resolver, _ *generic.Environment,
 	// Create package from metadata
 	p := newGGUFPackage(
 		syftMetadata,
+		modelVersion,
 		reader.WithAnnotation(pkg.EvidenceAnnotationKey, pkg.PrimaryEvidenceAnnotation),
 	)
 
diff --git a/syft/pkg/gguf.go b/syft/pkg/gguf.go
index 5100d07a5..7cb83d31c 100644
--- a/syft/pkg/gguf.go
+++ b/syft/pkg/gguf.go
@@ -10,9 +10,6 @@ type GGUFFileHeader struct {
 	// ModelName is the name of the model (from general.name or filename)
 	ModelName string `json:"modelName" cyclonedx:"modelName"`
 
-	// ModelVersion is the version of the model (if available in header, else "unknown")
-	ModelVersion string `json:"modelVersion,omitempty" cyclonedx:"modelVersion"`
-
 	// FileSize is the size of the GGUF file in bytes (best-effort if available from resolver)
 	FileSize int64 `json:"fileSize,omitempty" cyclonedx:"fileSize"`