@@ -91,7 +91,7 @@ func enrichCycloneDX(cfg *Config, bom *cdx.BOM, logger *zerolog.Logger) *cdx.BOM
9191 logger .Debug ().Str ("org_id" , orgID .String ()).Msg ("Inferred Snyk organization ID" )
9292
9393 var mutex = & sync.Mutex {}
94- vulnerabilities := make (map [cdx.Component ][]issues.CommonIssueModelVThree )
94+ vulnerabilities := make (map [* cdx.Component ][]issues.CommonIssueModelVThree )
9595 wg := sizedwaitgroup .New (20 )
9696
9797 comps := utils .DiscoverCDXComponents (bom )
@@ -125,7 +125,6 @@ func enrichCycloneDX(cfg *Config, bom *cdx.BOM, logger *zerolog.Logger) *cdx.BOM
125125
126126 // Fetch vulnerabilities for each unique PURL
127127 for _ , group := range purlGroups {
128- group := group
129128 wg .Add ()
130129 go func () {
131130 defer wg .Done ()
@@ -153,7 +152,7 @@ func enrichCycloneDX(cfg *Config, bom *cdx.BOM, logger *zerolog.Logger) *cdx.BOM
153152 if packageDoc .Data != nil {
154153 mutex .Lock ()
155154 for _ , component := range group .components {
156- vulnerabilities [* component ] = * packageDoc .Data
155+ vulnerabilities [component ] = * packageDoc .Data
157156 }
158157 mutex .Unlock ()
159158 }
@@ -162,10 +161,10 @@ func enrichCycloneDX(cfg *Config, bom *cdx.BOM, logger *zerolog.Logger) *cdx.BOM
162161 wg .Wait ()
163162
164163 var vulns []cdx.Vulnerability
165- for k , v := range vulnerabilities {
164+ for comp , v := range vulnerabilities {
166165 for _ , issue := range v {
167166 vuln := cdx.Vulnerability {
168- BOMRef : k .BOMRef ,
167+ BOMRef : comp .BOMRef ,
169168 }
170169 if issue .Id != nil {
171170 vuln .ID = * issue .Id
0 commit comments