fix: fix grype pkg:golang/k8s.io/[email protected] does not show cve because namespace not handled

Signed-off-by: goatwu1993 <[email protected]>

Author: goatwu1993

grype/pkg/purl_provider.go

@@ -201,12 +201,17 @@ func purlToPackage(rawLine string) (*Package, *pkg.Package, string, string, erro
 		PURL:     purl.String(),
 		Language: pkg.LanguageByName(purl.Type),
 	}
+	// copy to avoid mutating the original purl object
+	name := purl.Name
+	if purl.Namespace != "" {
+		name = fmt.Sprintf("%s/%s", purl.Namespace, purl.Name)
+	}
 
 	syftPkg.SetID()
 	return &Package{
 		ID:        ID(purl.String()),
 		CPEs:      cpes,
-		Name:      purl.Name,
+		Name:      name,
 		Version:   version,
 		Type:      pkgType,
 		Language:  pkg.LanguageByName(purl.Type),