From 5a0516e3d785e7f5d2648bded214ccffec566641 Mon Sep 17 00:00:00 2001
From: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
Date: Wed, 1 May 2024 18:00:40 -0500
Subject: [PATCH] Update based on code review

Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
---
 pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go b/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go
index 71c54bde822..805bd4655b9 100644
--- a/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go
+++ b/pkg/ingestor/parser/cyclonedx/parser_cyclonedx.go
@@ -506,6 +506,7 @@ func (c *cyclonedxParser) findCDXPkgVersionIDs(ctx context.Context, pkgIdentifie
 	var pkgVersions []string
 	for _, depPkgVersion := range pkgResponse.Packages[0].Namespaces[0].Names[0].Versions {
 		pkgVersions = append(pkgVersions, depPkgVersion.Version)
+		// TODO (nathannaveen): use depPkgVersion.Purl instead of creating a new purl.
 		pkgVersionsMap[depPkgVersion.Version] = guacCDXPkgPurl(typeGUAC, depPkgVersion.Version, "", false)
 	}