Incorporate SCA results into 3rd party check #17

@dipsylala

The SCA results can be used to review the 3rd party libraries within third_party.go. These are already pulled back as part of the detailed report, and the existence is used in missing_sca_components.

software_composition_analysis / vulnerable_components / component - the file_name attribute.

If there is a selected top level module that matches the file_name, we can class it as 3rd party alongside the existing list.

There is a chance that the filename will not match due to it being renamed, but this is typically the exception rather than the rule.

Sample Build ID: 34772495
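
The matching proposed above, sketched in Go as an added example; it is not part of the original issue and not the project's code. The helper name `scaThirdParty`, the sample XML and the module names are constructed for illustration, and only the `software_composition_analysis / vulnerable_components / component` path with its `file_name` attribute is modelled.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Models only the path named in the issue: .../component, attribute file_name.
type report struct {
	Components []struct {
		FileName string `xml:"file_name,attr"`
	} `xml:"software_composition_analysis>vulnerable_components>component"`
}

// Constructed sample, not taken from a real build.
const sampleReport = `<detailedreport>
  <software_composition_analysis><vulnerable_components>
    <component file_name="log4j-core-2.14.1.jar"/>
    <component file_name="Newtonsoft.Json.dll"/>
    <component file_name=""/>
  </vulnerable_components></software_composition_analysis>
</detailedreport>`

// scaThirdParty (hypothetical helper) returns the selected modules whose name equals
// an SCA component file_name, compared case-insensitively; renamed files do not match.
func scaThirdParty(reportXML string, selectedModules []string) ([]string, error) {
	var r report
	if err := xml.Unmarshal([]byte(reportXML), &r); err != nil {
		return nil, fmt.Errorf("parsing detailed report: %w", err)
	}
	known := make(map[string]bool)
	for _, c := range r.Components {
		if name := strings.ToLower(strings.TrimSpace(c.FileName)); name != "" {
			known[name] = true // empty file_name is skipped so "" never matches
		}
	}
	var matched []string
	for _, m := range selectedModules {
		if known[strings.ToLower(strings.TrimSpace(m))] {
			matched = append(matched, m)
		}
	}
	return matched, nil
}

func main() {
	matched, err := scaThirdParty(sampleReport, []string{"MyApp.war", "newtonsoft.json.dll", ""})
	fmt.Println(matched, err)
}
```

The result would be merged with the existing third-party list rather than replacing it, since a renamed library produces no match here.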

Labels: enhancement (New feature or request)
