From 0c64a870f92ce6ff9d9f55c3ea0a88d82fb2bd6c Mon Sep 17 00:00:00 2001
From: Weston Steimel <author@code.w.steimel.me.uk>
Date: Mon, 18 May 2026 13:41:36 +0100
Subject: [PATCH] fix: skip upstream PyPA records without a valid identifier

Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
---
 src/anchore_security_cli/identifiers/providers/pypa.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/anchore_security_cli/identifiers/providers/pypa.py b/src/anchore_security_cli/identifiers/providers/pypa.py
index b322e01..600b01e 100644
--- a/src/anchore_security_cli/identifiers/providers/pypa.py
+++ b/src/anchore_security_cli/identifiers/providers/pypa.py
@@ -25,6 +25,10 @@ def _process_fetch(self, content_dir: str) -> list[ProviderRecord]:
             with open(file) as f:
                 data = yaml.safe_load(f)
 
+            # Skip records that don't yet have a valid identifier
+            if "id" not in data or data.get("id").startswith("PYSEC-0000-"):
+                continue
+
             record_id = data["id"]
             aliases = Aliases.from_list([record_id, *data.get("aliases", [])], provider=self.name)
             published = self._parse_date(data.get("published"))