Match statuses and rules

  1. If you see a status of Matched, that means that the dependency meets one of the following criteria:

    • It has an exact CPE match in the NVD

    • It has an exact alias match in the NVD

    • It has an exact name match in the NVD

    • It has an exact PURL package manager match in the NVD. We currently support the Cargo, npm, NuGet, and PyPI package managers.

  2. It has an exact PURL match in one of our supported package managers. Because this has not been found in the NVD, this match does not bring forward vulnerabilities, so you’ll need to click Resolve to either select a possible match suggestion, create an alias, or add a review note.

  3. It was linked to one of our match suggestions by a user, which means that it now has a match in the NVD.

  4. If you see a status of Multiple matches, that means that the dependency has multiple exact matches in the NVD, whether via CPE, alias, PURL, or name. For example, you could have multiple name matches.

  5. If you see a status of Not found, that means that the dependency meets both of the following criteria:

    • It does not have an exact match in the NVD. Whenever the status is Not found, it is accompanied by a NOT IN NVD token.

    • It does not have an exact PURL match in one of our supported package managers.

© Copyright MedCrypt 2023, All rights reserved.