Description
What happened:
Running Grype on a local development directory.
A variable is not being interpreted correctly in a multi-level configuration file.
See the following example with the ${version.h2.database} variable:
```
$ grype ./My_project
:
guava 15.0 24.1.1 java-archive GHSA-mvr2-9pj6-7w5j Medium
guava 15.0 32.0.0 java-archive GHSA-7g45-4rm6-3mm3 Medium
h2 ${version.h2.database} java-archive CVE-2022-45868 High
h2 ${version.h2.database} 2.1.210 java-archive GHSA-45hx-wfhj-473x Critical
h2 ${version.h2.database} 2.2.220 java-archive GHSA-22wj-vf5f-wrvj High
:
```
What you expected to happen:
Every variable should be replaced with its value.
```
h2 1.4.200 java-archive CVE-2022-45868 High
h2 1.4.200 2.1.210 java-archive GHSA-45hx-wfhj-473x Critical
h2 1.4.200 2.2.220 java-archive GHSA-22wj-vf5f-wrvj High
```
How to reproduce it (as minimally and precisely as possible):
The property name and value are defined in the top/parent-level pom.xml:
```xml
<properties>
:
<version.h2.database>1.4.200</version.h2.database>
:
</properties>
```
The application-level pom.xml declares its dependency using the variable from the top-level pom.xml:
```xml
<dependencies>
:
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>${version.h2.database}</version>
<scope>test</scope>
</dependency>
:
</dependencies>
```
Environment:
Application: grype
Version: 0.62.3
Syft Version: v0.83.0
BuildDate: 2023-06-06T00:36:27Z
GitCommit: 3865f4cc1dfcdcefbb7009400df153f24b18c772
GitDescription: v0.62.3
Platform: linux/amd64
GoVersion: go1.18.1
Compiler: gc
Supported DB Schema: 5
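The property inheritance this report relies on, where the child pom.xml picks up `${version.h2.database}` from the parent, can be checked with the following added example script. It is not part of the issue and not Grype or Syft code: the two pom documents are constructed samples modelled on the snippets above (the `orphan` dependency is added to show the unresolved case), and the function names `effective_properties`, `interpolate` and `resolve_dependencies` are the example's own.

```python
"""Resolve Maven ${property} placeholders in dependency versions across a child
pom.xml and its parent chain. Added example, not Grype/Syft code; the poms
below are constructed samples, and all function names are hypothetical."""
import re
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"
PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

# Constructed parent pom: declares the property the child refers to.
PARENT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example</groupId><artifactId>parent</artifactId>
  <version>1.0.0</version><packaging>pom</packaging>
  <properties>
    <version.h2.database>1.4.200</version.h2.database>
    <version.guava>14.0</version.guava>
  </properties>
</project>"""

# Constructed child pom: uses a parent property, overrides another, and
# (deliberately) references a property that nobody defines.
CHILD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <parent><groupId>com.example</groupId><artifactId>parent</artifactId>
    <version>1.0.0</version></parent>
  <artifactId>my-app</artifactId>
  <properties><version.guava>15.0</version.guava></properties>
  <dependencies>
    <dependency><groupId>com.h2database</groupId><artifactId>h2</artifactId>
      <version>${version.h2.database}</version><scope>test</scope></dependency>
    <dependency><groupId>com.google.guava</groupId><artifactId>guava</artifactId>
      <version>${version.guava}</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>orphan</artifactId>
      <version>${version.undefined}</version></dependency>
  </dependencies>
</project>"""


def _tag(name: str) -> str:
    """Qualify a local element name with the POM namespace (samples declare it)."""
    return f"{{{POM_NS}}}{name}"


def _declared_properties(root: ET.Element) -> dict:
    """Properties declared in one pom plus the project.* built-ins it sets."""
    props = {}
    block = root.find(_tag("properties"))
    if block is not None:
        for child in block:
            props[child.tag.rsplit("}", 1)[-1]] = (child.text or "").strip()
    for key in ("groupId", "artifactId", "version"):
        text = root.findtext(_tag(key))  # direct children only, not <parent>
        if text:
            props[f"project.{key}"] = text.strip()
    return props


def effective_properties(child_xml: str, parent_xmls: list) -> dict:
    """Merge properties from the topmost parent down to the child (nearest parent
    first in parent_xmls); a child's declaration overrides its parents'."""
    chain = [ET.fromstring(child_xml)] + [ET.fromstring(x) for x in parent_xmls]
    merged = {}
    for root in reversed(chain):  # topmost parent first, child last
        merged.update(_declared_properties(root))
    return merged


def interpolate(value: str, props: dict, max_depth: int = 10):
    """Expand ${key} references, following chains such as ${a} -> ${b} -> 1.2.
    Unknown keys are left in place and reported rather than silently emitted
    as a 'version', which is the failure mode the issue shows."""
    unresolved = set()

    def substitute(match):
        key = match.group(1)
        if key in props:
            return props[key]
        unresolved.add(key)
        return match.group(0)

    for _ in range(max_depth):
        expanded = PLACEHOLDER.sub(substitute, value)
        if expanded == value:
            break
        value = expanded
    return value, sorted(unresolved)


def resolve_dependencies(child_xml: str, parent_xmls: list):
    """Return (artifactId, resolved version, unresolved keys) per dependency."""
    props = effective_properties(child_xml, parent_xmls)
    results = []
    for dep in ET.fromstring(child_xml).iter(_tag("dependency")):
        raw = dep.findtext(_tag("version")) or ""
        version, missing = interpolate(raw, props)
        results.append((dep.findtext(_tag("artifactId")), version, missing))
    return results


if __name__ == "__main__":
    for artifact, version, missing in resolve_dependencies(CHILD_POM, [PARENT_POM]):
        note = f"  UNRESOLVED: {', '.join(missing)}" if missing else ""
        print(f"{artifact:<8} {version}{note}")
```

Run it as a script and `h2` resolves to `1.4.200` from the parent, `guava` to the child's override `15.0`, and `orphan` is flagged rather than reported with a literal `${...}` as its installed version. A scanner that only reads the child pom in isolation sees no `<properties>` entry for `version.h2.database` and ends up in the third case for `h2`, which is what the output in the report shows.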