syft some-jar.jar fails to find packages if PWD is a symlink

[willmurphyscode]

What happened:

Scanning a jar with syft fails to find the jar itself if the current working directory is a symlink prints "no packages discovered."

Prints No packages discovered.

What you expected to happen:

I expected at least the jar itself to be found.

Steps to reproduce the issue:

mkdir actual
ln -s $PWD/actual im-a-link
cd im-a-link
curl -O https://repo1.maven.org/maven2/xalan/xalan/2.7.2/xalan-2.7.2.jar
syft -q xalan-2.7.2.jar
cd ../actual
syft -q xalan-2.7.2.jar

The first syft invocation finds nothing, but the second one finds the jar.

Anything else we need to know?:

I discovered this because /tmp on newer macOS installations is a symlink.

Environment:

• Output of syft version:

❯ syft version
Application: syft
Version:    0.97.1
BuildDate:  2023-11-17T20:53:01Z
GitCommit:  Homebrew
GitDescription: [not provided]
Platform:   darwin/arm64
GoVersion:  go1.21.4
Compiler:   gc

• OS (e.g: cat /etc/os-release or similar):

❯ uname -moprsv
Darwin 23.0.0 Darwin Kernel Version 23.0.0: Fri Sep 15 14:41:43 PDT 2023; root:xnu-10002.1.13~1/RELEASE_ARM64_T6000 arm64 arm

[willmurphyscode]

This is possibly related to #1962, but I opened a separate issue because passing --base-path / (or a couple other possible paths) doesn't seem to resolve this behavior.