From 2ba286e0251bf662149266a13b3baaef8f5df6cf Mon Sep 17 00:00:00 2001
From: Weston Steimel <weston.steimel@anchore.com>
Date: Wed, 22 Feb 2023 22:41:30 +0000
Subject: [PATCH] fix: improve CPE generation for curl APK

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
---
 syft/pkg/cataloger/common/cpe/candidate_by_package_type.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
index 4d74cbc176d..48834919875 100644
--- a/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
+++ b/syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
@@ -178,6 +178,11 @@ var defaultCandidateAdditions = buildCandidateLookup(
 			candidateAddition{AdditionalVendors: []string{"pypa"}},
 		},
 		// Alpine packages
+		{
+			pkg.ApkPkg,
+			candidateKey{PkgName: "curl"},
+			candidateAddition{AdditionalVendors: []string{"haxx"}},
+		},
 		{
 			pkg.ApkPkg,
 			candidateKey{PkgName: "python3"},