From 61911721769a42728ce398f59391fb809bb4d5e8 Mon Sep 17 00:00:00 2001
From: "anchore-actions-token-generator[bot]"
 <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
Date: Fri, 15 Nov 2024 09:36:21 -0500
Subject: [PATCH] wip

Signed-off-by: dervoeti <lukas.voetmand@stackable.tech>
---
 .binny.yaml                                           |  4 ++--
 syft/format/internal/cyclonedxutil/helpers/decoder.go | 11 +++++++----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/.binny.yaml b/.binny.yaml
index a29107063a0e..6569a0d47888 100644
--- a/.binny.yaml
+++ b/.binny.yaml
@@ -58,7 +58,7 @@ tools:
   # used to release all artifacts
   - name: goreleaser
     version:
-      want: v2.4.4
+      want: v2.4.5
     method: github-release
     with:
       repo: goreleaser/goreleaser
@@ -111,7 +111,7 @@ tools:
   # used for triggering a release
   - name: gh
     version:
-      want: v2.61.0
+      want: v2.62.0
     method: github-release
     with:
       repo: cli/cli
diff --git a/syft/format/internal/cyclonedxutil/helpers/decoder.go b/syft/format/internal/cyclonedxutil/helpers/decoder.go
index c4c706e380b9..a4179bb5dfa6 100644
--- a/syft/format/internal/cyclonedxutil/helpers/decoder.go
+++ b/syft/format/internal/cyclonedxutil/helpers/decoder.go
@@ -42,13 +42,13 @@ func collectBomPackages(bom *cyclonedx.BOM, s *sbom.SBOM, idMap map[string]inter
 	componentsPresent := false
 	if bom.Components != nil {
 		for i := range *bom.Components {
-			collectPackages(&(*bom.Components)[i], s, idMap)
+			collectPackages(&(*bom.Components)[i], s, bom, idMap)
 		}
 		componentsPresent = true
 	}
 
 	if bom.Metadata != nil && bom.Metadata.Component != nil {
-		collectPackages(bom.Metadata.Component, s, idMap)
+		collectPackages(bom.Metadata.Component, s, bom, idMap)
 		componentsPresent = true
 	}
 
@@ -59,7 +59,7 @@ func collectBomPackages(bom *cyclonedx.BOM, s *sbom.SBOM, idMap map[string]inter
 	return nil
 }
 
-func collectPackages(component *cyclonedx.Component, s *sbom.SBOM, idMap map[string]interface{}) {
+func collectPackages(component *cyclonedx.Component, s *sbom.SBOM, bom *cyclonedx.BOM, idMap map[string]interface{}) {
 	switch component.Type {
 	case cyclonedx.ComponentTypeOS:
 	case cyclonedx.ComponentTypeContainer:
@@ -71,13 +71,16 @@ func collectPackages(component *cyclonedx.Component, s *sbom.SBOM, idMap map[str
 			idMap[syftID] = p
 		}
 		// TODO there must be a better way than needing to call this manually:
+		var oldName = p.Name
+		p.Name = bom.SerialNumber + p.Name
 		p.SetID()
+		p.Name = oldName
 		s.Artifacts.Packages.Add(*p)
 	}
 
 	if component.Components != nil {
 		for i := range *component.Components {
-			collectPackages(&(*component.Components)[i], s, idMap)
+			collectPackages(&(*component.Components)[i], s, bom, idMap)
 		}
 	}
 }