mirror of
https://github.com/anchore/syft.git
synced 2025-11-21 02:13:17 +01:00
dd2ee2bbf7
The bitnami cataloger assigns files under /opt/bitnami/PACKAGE to be owned by PACKAGE unless they are otherwise owned. Previously, this main package was identified only by relationships, leading to an edge case where if there was a bitnami SBOM with a single package in it, there were no relationships, and so there would be no main package to assign the files to, leading to deduplication failures. Instead, when encountering a bitnami SBOM with exactly one package in it, assume that package is the main package of that SBOM. Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>