Link unmatched software to known software
What are aliases?
Aliases are permanent matches that were created to link any dependency components in your SBOM that have multiple matches or are unmatched to known software components in the NVD. These can be created by either your team or by Helm.
View aliased matches
To view aliases, click the Aliases item in the sidebar. If you have appropriate permissions, you will see an Aliases table with the original name of the dependency component in your SBOM, the linked (aliased) name of the known software in the NVD.
In the Software Bill of Materials (Products) page, you will see a Matched status with an ALIAS token in the Match status column for all aliased matches.
Create an alias
When assessing Multiple matches, Not found, and Matched with NOT IN NVD token statuses, users with an Administrator role can create an alias for a dependency component in your SBOM to a particular software that exists in the NVD. If you're not an Administrator, but have identified a likely match, contact one of your Administrators to have the alias created for you.
There are two ways you can create aliases: directly from the unmatched dependency component or from the Aliases page (detailed above).
To create an alias directly from the dependency component:
Navigate to the Software Bill of Materials (Products) page, then click Resolve in the Actions column. This will display the Resolution options modal.
Click the Create alias button. This will display the Create alias modal.
The scope is defaulted to Organization, which means that this alias you create for this dependency component will be linked in the future any time anyone else in your company uploads an SBOM that contains this dependency component. There isn’t another option for this currently.
Enter the Dependency name that you’re creating the alias link for, then click Next. You’ll then be prompted to enter the dependency name.
Enter all or part of your dependency name. Select the supplier/dependency combo that best matches your dependency, then click Create. You’ll be prompted to confirm this alias.
When you’re ready to confirm the alias, click Confirm. This will change any Not found or Multiple matches status to Matched with an Alias matching token. Going forward, whenever you or anyone else in your organization uploads this dependency component in an SBOM, this alias will be applied.
IMPORTANT: Aliases are not applied retroactively to SBOM dependency components that have already been uploaded, only to those created or uploaded in the future.
Remove an alias
If you find that your team has added an incorrect alias, you can easily remove it if you are an Administrator.
Click the Aliases item in the sidebar. If you have appropriate permissions, you will see an Aliases table with the original name of the dependency component in your SBOM, the linked (aliased) name of the known software in the NVD.
Click the row that you want to remove to highlight it, then click Remove. You'll be prompted to confirm the removal.
Alias permissions
Administrator: Users with an Administrator role can view and edit all products, as well as create aliases and use existing aliases to link software in their SBOMs to known software in the NVD.
User with edit permissions for a product: Users who have edit permissions for a particular product, but are not Administrators, will be able to view and use existing aliases for that product to link software in their SBOM to known software in the NVD, but will not be able to create aliases unless they have an Administrator role.
User with read-only permissions for a product: These users will be able to view aliases for that product, but will not be able to use these aliases to link software.
Last updated