From 15ebaae26a57425088cf57aeaf12a2caaa696de5 Mon Sep 17 00:00:00 2001
From: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
Date: Wed, 1 May 2024 18:00:40 -0500
Subject: [PATCH] Update based on code review

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
---
 pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go b/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go
index 9f03a5ee9e..09fa21dbc0 100644
--- a/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go
+++ b/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go
@@ -527,6 +527,7 @@ func (c *cyclonedxParser) findCDXPkgVersionIDs(ctx context.Context, pkgIdentifie
 	var pkgVersions []string
 	for _, depPkgVersion := range pkgResponse.Packages[0].Namespaces[0].Names[0].Versions {
 		pkgVersions = append(pkgVersions, depPkgVersion.Version)
+		// TODO (nathannaveen): use depPkgVersion.Purl instead of creating a new purl.
 		pkgVersionsMap[depPkgVersion.Version] = guacCDXPkgPurl(typeGUAC, depPkgVersion.Version, "", false)
 	}