fix: include group/namespace across formats

cmd/grype/cli/commands/root.go

@@ -12,6 +12,7 @@ import (
 	"github.com/anchore/clio"
 	"github.com/anchore/grype/cmd/grype/cli/options"
 	"github.com/anchore/grype/grype"
+	"github.com/anchore/grype/grype/distro"
 	"github.com/anchore/grype/grype/event"
 	"github.com/anchore/grype/grype/event/parsers"
 	"github.com/anchore/grype/grype/grypeerr"
@@ -35,7 +36,6 @@ import (
 	"github.com/anchore/grype/internal/stringutil"
 	"github.com/anchore/syft/syft"
 	"github.com/anchore/syft/syft/cataloging"
-	"github.com/anchore/syft/syft/linux"
 	syftPkg "github.com/anchore/syft/syft/pkg"
 	"github.com/anchore/syft/syft/sbom"
 )
@@ -261,15 +261,10 @@ func applyDistroHint(pkgs []pkg.Package, context *pkg.Context, opts *options.Gry
 		if len(split) > 1 {
 			v = split[1]
 		}
-		context.Distro = &linux.Release{
-			PrettyName: d,
-			Name:       d,
-			ID:         d,
-			IDLike: []string{
-				d,
-			},
-			Version:   v,
-			VersionID: v,
+		var err error
+		context.Distro, err = distro.NewFromNameVersion(d, v)
+		if err != nil {
+			log.WithFields("distro", opts.Distro, "error", err).Warn("unable to parse distro")
 		}
 	}
 

cmd/grype/cli/commands/root_test.go

@@ -28,24 +28,24 @@ func Test_applyDistroHint(t *testing.T) {
 	applyDistroHint([]pkg.Package{}, &ctx, &cfg)
 	assert.NotNil(t, ctx.Distro)
 
-	assert.Equal(t, "alpine", ctx.Distro.Name)
+	assert.Equal(t, "alpine", ctx.Distro.Name())
 	assert.Equal(t, "3.10", ctx.Distro.Version)
 
 	// does override an existing distro
-	cfg.Distro = "ubuntu:latest"
+	cfg.Distro = "ubuntu:24.04"
 	applyDistroHint([]pkg.Package{}, &ctx, &cfg)
 	assert.NotNil(t, ctx.Distro)
 
-	assert.Equal(t, "ubuntu", ctx.Distro.Name)
-	assert.Equal(t, "latest", ctx.Distro.Version)
+	assert.Equal(t, "ubuntu", ctx.Distro.Name())
+	assert.Equal(t, "24.04", ctx.Distro.Version)
 
 	// doesn't remove an existing distro when empty
 	cfg.Distro = ""
 	applyDistroHint([]pkg.Package{}, &ctx, &cfg)
 	assert.NotNil(t, ctx.Distro)
 
-	assert.Equal(t, "ubuntu", ctx.Distro.Name)
-	assert.Equal(t, "latest", ctx.Distro.Version)
+	assert.Equal(t, "ubuntu", ctx.Distro.Name())
+	assert.Equal(t, "24.04", ctx.Distro.Version)
 }
 
 func Test_getProviderConfig(t *testing.T) {

go.mod

@@ -19,7 +19,7 @@ require (
 	github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4
 	github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115
 	github.com/anchore/stereoscope v0.1.4
-	github.com/anchore/syft v1.23.2-0.20250509082920-0b78186a97a0
+	github.com/anchore/syft v1.23.2-0.20250512173324-621d21eb04ca
 	github.com/aquasecurity/go-pep440-version v0.0.1
 	github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de
 	github.com/bmatcuk/doublestar/v2 v2.0.4

go.sum

@@ -708,8 +708,8 @@ github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115 h1:ZyRCmiE
 github.com/anchore/packageurl-go v0.1.1-0.20250220190351-d62adb6e1115/go.mod h1:KoYIv7tdP5+CC9VGkeZV4/vGCKsY55VvoG+5dadg4YI=
 github.com/anchore/stereoscope v0.1.4 h1:e+iT9UdUzLBabWGe84hn5sTHDRioY+4IHsVzJXuJlek=
 github.com/anchore/stereoscope v0.1.4/go.mod h1:omWgXDEp/XfqCJlZXIByEo1c3ArZg/qTJ5LBKVLAIdw=
-github.com/anchore/syft v1.23.2-0.20250509082920-0b78186a97a0 h1:Jnsz2S3H6PtGM2A11vqyD6Iyl479lY2be9lNWGLjkuA=
-github.com/anchore/syft v1.23.2-0.20250509082920-0b78186a97a0/go.mod h1:rD7NI0LzopzDuVe5SW+NOUAcbaRe8TYwwourGwBYZZk=
+github.com/anchore/syft v1.23.2-0.20250512173324-621d21eb04ca h1:GY1N+iXgj9rdibkf46vm+VQkASGGtW4NtDSNDAZSUuk=
+github.com/anchore/syft v1.23.2-0.20250512173324-621d21eb04ca/go.mod h1:rD7NI0LzopzDuVe5SW+NOUAcbaRe8TYwwourGwBYZZk=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA=

grype/deprecated.go

@@ -1,14 +1,14 @@
 package grype
 
 import (
+	"github.com/anchore/grype/grype/distro"
 	"github.com/anchore/grype/grype/match"
 	"github.com/anchore/grype/grype/matcher"
 	"github.com/anchore/grype/grype/pkg"
 	"github.com/anchore/grype/grype/vulnerability"
 	"github.com/anchore/grype/internal/log"
 	"github.com/anchore/stereoscope/pkg/image"
 	"github.com/anchore/syft/syft"
-	"github.com/anchore/syft/syft/linux"
 	"github.com/anchore/syft/syft/source"
 )
 
@@ -33,7 +33,7 @@ func FindVulnerabilities(store vulnerability.Provider, userImageStr string, scop
 }
 
 // TODO: deprecated, will remove before v1.0.0
-func FindVulnerabilitiesForPackage(store vulnerability.Provider, d *linux.Release, matchers []match.Matcher, packages []pkg.Package) match.Matches {
+func FindVulnerabilitiesForPackage(store vulnerability.Provider, d *distro.Distro, matchers []match.Matcher, packages []pkg.Package) match.Matches {
 	exclusionProvider, _ := store.(match.ExclusionProvider) // TODO v5 is an exclusion provider, but v6 is not
 	runner := VulnerabilityMatcher{
 		VulnerabilityProvider: store,

grype/distro/distro.go

@@ -6,6 +6,7 @@ import (
 
 	hashiVer "github.com/hashicorp/go-version"
 
+	"github.com/anchore/grype/internal/log"
 	"github.com/anchore/syft/syft/linux"
 )
 
@@ -43,6 +44,13 @@ func New(t Type, version, label string, idLikes ...string) (*Distro, error) {
 		}
 	}
 
+	for i := range idLikes {
+		typ, ok := IDMapping[strings.TrimSpace(idLikes[i])]
+		if ok {
+			idLikes[i] = typ.String()
+		}
+	}
+
 	return &Distro{
 		Type:      t,
 		major:     major,
@@ -54,6 +62,35 @@ func New(t Type, version, label string, idLikes ...string) (*Distro, error) {
 	}, nil
 }
 
+// NewFromNameVersion creates a new Distro object derived from the provided name and version
+func NewFromNameVersion(name, version string) (*Distro, error) {
+	var codename string
+
+	// if there are no digits in the version, it is likely a codename
+	if !strings.ContainsAny(version, "0123456789") {
+		codename = version
+		version = ""
+	}
+
+	typ := IDMapping[name]
+	if typ == "" {
+		typ = Type(name)
+	}
+	return New(typ, version, codename, string(typ))
+}
+
+// FromRelease attempts to get a distro from the linux release, only logging any errors
+func FromRelease(linuxRelease *linux.Release) *Distro {
+	if linuxRelease == nil {
+		return nil
+	}
+	d, err := NewFromRelease(*linuxRelease)
+	if err != nil {
+		log.WithFields("error", err).Warn("unable to create distro from linux distribution")
+	}
+	return d
+}
+
 // NewFromRelease creates a new Distro object derived from a syft linux.Release object.
 func NewFromRelease(release linux.Release) (*Distro, error) {
 	t := TypeFromRelease(release)
@@ -105,6 +142,8 @@ func (d Distro) String() string {
 	versionStr := "(version unknown)"
 	if d.Version != "" {
 		versionStr = d.Version
+	} else if d.Codename != "" {
+		versionStr = d.Codename
 	}
 	return fmt.Sprintf("%s %s", d.Type, versionStr)
 }

grype/distro/distro_test.go

@@ -29,10 +29,12 @@ func Test_NewDistroFromRelease(t *testing.T) {
 				ID:        "centos",
 				VersionID: "8",
 				Version:   "7",
+				IDLike:    []string{"rhel"},
 			},
 			expected: &Distro{
 				Type:    CentOS,
 				Version: "8",
+				IDLike:  []string{"redhat"},
 			},
 			major: "8",
 			minor: "",

grype/internal/packagemetadata/discover_type_names.go

@@ -16,7 +16,7 @@ import (
 
 var metadataExceptions = strset.New(
 	"FileMetadata",
-	"PURLFileMetadata",
+	"SBOMFileMetadata",
 	"PURLLiteralMetadata",
 	"CPELiteralMetadata",
 )

grype/pkg/context.go

@@ -1,11 +1,11 @@
 package pkg
 
 import (
-	"github.com/anchore/syft/syft/linux"
+	"github.com/anchore/grype/grype/distro"
 	"github.com/anchore/syft/syft/source"
 )
 
 type Context struct {
 	Source *source.Description
-	Distro *linux.Release
+	Distro *distro.Distro
 }