binary cataloger is picking up the go version instead of the actual binary version in traefik experimental images

**What happened**:

when scanning traefik experimental docker images like traefik/traefik:experimental-v3.6, syft reports the go compiler version instead of the actual traefik version

traefik experimental builds use commit hashes instead of semver, so syft falls back to the go version and reports it as the binary version

syft shows 1.24.11 as the traefik version, but that's actually the go compiler version

thanks to the traefik team for pointing out the bug affecting their experimental builds

**What you expected to happen**:

empty or omitted 

**Steps to reproduce the issue**:

syft docker:traefik/traefik:experimental-v3.6 | grep traefik

```
docker run -it traefik/traefik:experimental-v3.6 version
Version:      8e6ce08f33b2adcb9042d2ce7acf8cf51ee1c7bf
Codename:     cheddar
Go version:   go1.24.11
Built:        2025-12-23_11:07:53AM
OS/Arch:      linux/arm64
```

**Anything else we need to know?**:

**Environment**:
- Output of `syft version`:
- OS (e.g: `cat /etc/os-release` or similar):


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

binary cataloger is picking up the go version instead of the actual binary version in traefik experimental images #4498

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

binary cataloger is picking up the go version instead of the actual binary version in traefik experimental images #4498

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions