Use vendor alias only for name based searches

prabhu · prabhu · commit d24c981f0802 · 2024-01-22T23:28:26.000Z
Signed-off-by: Prabhu Subramanian &lt;prabhu@appthreat.com&gt;
diff --git a/depscan/lib/normalize.py b/depscan/lib/normalize.py
@@ -100,7 +100,7 @@ def create_pkg_variations(pkg_dict):
         ]:
             vendor_aliases.add("golang")
     if pkg_type not in config.OS_PKG_TYPES:
-        if purl.startswith("pkg:composer"):
+        if not vendor and purl.startswith("pkg:composer"):
             vendor_aliases.add("get" + name)
             vendor_aliases.add(name + "_project")
         for k, v in config.vendor_alias.items():
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "owasp-depscan"
-version = "5.2.0"
+version = "5.2.1"
 description = "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories."
 authors = [
     {name = "Team AppThreat", email = "cloud@appthreat.com"},
