From 1f362fcf45f80e9429aa29c935c794180682d995 Mon Sep 17 00:00:00 2001
From: DJ Schleen
Date: Sun, 22 Sep 2024 22:11:02 +0000
Subject: [PATCH] fix: returns the CVE as the vulnerability id in the OSV Provider if it is an alias
---
 providers/osv/osv.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/providers/osv/osv.go b/providers/osv/osv.go
index 37dc5d9..640f8af 100644
--- a/providers/osv/osv.go
+++ b/providers/osv/osv.go
@@ -66,6 +66,11 @@ func (Provider) Scan(purls []string, credentials *m.Credentials) ([]m.Package, e
 }
 vulnerability := m.Vulnerability{
 ID: func() string {
+ for _, alias := range vuln.Aliases {
+ if strings.HasPrefix(strings.ToLower(alias), "cve") {
+ return alias
+ }
+ }
 if vuln.ID == "" {
 return "NOT PROVIDED"
 }
@@ -76,7 +81,7 @@ func (Provider) Scan(purls []string, credentials *m.Credentials) ([]m.Package, e
 Severity: severity,
 Cve: func() string {
 if len(vuln.Aliases) > 0 {
- return vuln.Aliases[0]
+ return strings.Join(vuln.Aliases, ",")
 }
 return "NOT PROVIDED"
 }(),
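Review bot: The prefix test in the new alias loop, `strings.HasPrefix(strings.ToLower(alias), "cve")`, accepts any alias that merely begins with those three letters, which is looser than the CVE identifier format; matching the delimiter too, `if strings.HasPrefix(strings.ToUpper(alias), "CVE-") {`, is tighter. When an alias matches, `vuln.ID` is no longer returned, and nothing visible in this hunk keeps the OSV record id, so reports, de-duplication and ignore lists keyed on the previous id would presumably stop matching; consider carrying the original id in a separate field. Only the first CVE alias is used when a record lists several. Scan's body starts and ends outside the hunk.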
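Review bot: The `Cve` closure now returns every alias joined with commas and nothing filters the list to CVE identifiers, so any non-CVE advisory ids present in `vuln.Aliases` end up in a field that consumers are likely to read as a single CVE. If the field is meant to hold CVEs only, collect the aliases that pass a CVE prefix test before joining, as sketched below. If it is meant to carry all aliases, a comment on the field stating that and naming the separator would help anyone who parses or matches on it. The closure is complete within the hunk; the enclosing Scan is not.

```go
Cve: func() string {
	var cves []string
	for _, alias := range vuln.Aliases {
		if strings.HasPrefix(strings.ToUpper(alias), "CVE-") {
			cves = append(cves, alias)
		}
	}
	if len(cves) > 0 {
		return strings.Join(cves, ",")
	}
	// … unchanged: "NOT PROVIDED" fallback and closure call …
```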