fix(scan): enable pseudoversion comparison

After my Grype PR (anchore/grype#1797), Anchore added a follow-up PR that makes this behavior cnofigurable. It is on by default for the Grype CLI but not for the Grype library. This commit enables it for the Grype library so we can see this kind of match from wolfictl scans. Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
luhring · Apr 23, 2024 · 86ffdf9 · 86ffdf9
1 parent cc79643
commit 86ffdf9
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/pkg/scan/apk.go b/pkg/scan/apk.go
@@ -212,7 +212,11 @@ func createMatchers(useCPEs bool) []matcher.Matcher {
 	return matcher.NewDefaultMatchers(
 		matcher.Config{
 			Dotnet: dotnet.MatcherConfig{UseCPEs: useCPEs},
-			Golang: golang.MatcherConfig{UseCPEs: useCPEs, AlwaysUseCPEForStdlib: true},
+			Golang: golang.MatcherConfig{
+				UseCPEs:                                useCPEs,
+				AlwaysUseCPEForStdlib:                  true,
+				AllowMainModulePseudoVersionComparison: true,
+			},
 			Java: java.MatcherConfig{
 				ExternalSearchConfig: java.ExternalSearchConfig{
 					SearchMavenUpstream: true,