grype
Table output removes duplicates despite vulnerability being in different projects
Accidentally discovered that running grype against a directory with two components in it that have the same vulnerability results in Grype only displaying the one vulnerability in the table, despite it appearing twice in two different files/locations.
Vuln ID: GHSA-36p3-wjmg-h94x
As you can see, in the JSON output the difference is the location, but in the table output the location is not present and therefore the removeDuplicates function (https://github.com/anchore/grype/blob/main/grype/presenter/table/presenter.go#L83) removes it as a duplicate.
I think this could inadvertently be fixed by #1275 but thought best to raise it anyway.
Thanks @jneate, we are discussing this. Would it make sense if, instead of removing the duplicate, we put a "(2)" indicator after the vulnerability ID, so that you could immediately see you have two instances of that vulnerability?
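The behaviour reported in this thread and the "(2)" indicator proposed in the reply, as an added sketch that is not grype's own code: the `Match` type, `rowKey`, `Rows`, the package names, file paths and the `GHSA-xxxx-xxxx-xxxx` placeholder are all constructed for illustration. It shows why de-duplicating on displayed columns hides a second affected component, and how a count keeps that visible.

```go
package main

import (
	"fmt"
	"strings"
)

// Match is a simplified, hypothetical finding (not grype's own type).
type Match struct{ Pkg, Version, VulnID, Severity, Location string }

// Constructed sample: one advisory present in two components, plus one unrelated row.
var sample = []Match{
	{"example-lib", "1.0.0", "GHSA-36p3-wjmg-h94x", "Critical", "service-a/lib/example-lib.jar"},
	{"example-lib", "1.0.0", "GHSA-36p3-wjmg-h94x", "Critical", "service-b/lib/example-lib.jar"},
	{"other-lib", "2.3.0", "GHSA-xxxx-xxxx-xxxx", "Low", "service-a/lib/other-lib.jar"},
}

// rowKey uses only the displayed columns; Location is not one, so it cannot split rows.
func rowKey(m Match) string {
	return strings.Join([]string{m.Pkg, m.Version, m.VulnID, m.Severity}, "\x00")
}

// Rows emits one row per key; showCount appends "(N)" to the ID when N matches collapsed.
func Rows(ms []Match, showCount bool) [][]string {
	var order []string
	count := map[string]int{}
	first := map[string]Match{}
	for _, m := range ms {
		k := rowKey(m)
		if count[k] == 0 {
			order = append(order, k)
			first[k] = m
		}
		count[k]++
	}
	var rows [][]string
	for _, k := range order {
		m, id := first[k], first[k].VulnID
		if showCount && count[k] > 1 {
			id = fmt.Sprintf("%s (%d)", id, count[k])
		}
		rows = append(rows, []string{m.Pkg, m.Version, id, m.Severity})
	}
	return rows
}

func main() {
	fmt.Println(Rows(sample, false), Rows(sample, true))
}
```

With `showCount` false the second affected component disappears from the report without any trace, which matters when the table is what a reviewer uses to decide which projects need patching.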