Match sources

You may see the following match sources: NVD, Alias, Name, CPE, User, or one of our supported PURL package managers: PyPI, NPM, NuGet, and Cargo. If you’re in the Dependency details panel, you’ll see any of our supported package managers, NVD or NOT IN NVD, Alias, User, Exact, Name, CPE, and System. You can use the source to gauge the strength of a match and how much confidence to place in it.

  • Alias: This displays if a user on your account created an alias for this software dependency/version/supplier combo. You can hover over the token for more information on whether the alias was created by a user in this session (Matched by user) or automatically matched by our system (Matched by system).

  • Cargo: This was exactly matched to a dependency in the Cargo package manager from a Package URL (PURL) uploaded in your SBOM file.

  • CPE: This was exactly matched to a dependency from a CPE string uploaded in your SBOM file. CPE is considered the strongest match.

  • Exact: This dependency had an exact match in the NVD, which could include a PURL string (Cargo, NPM, NuGet, or PyPI package manager), CPE string, or name match. Of the exact match types, CPE is considered the strongest match, while Name is the weakest, because it relies only on the dependency name. This token will also display if the user creates an alias in this session. You can hover over the token for more information on whether it was matched by the user in this session (Matched by user) or automatically matched by our system (Matched by system).

  • Name: This dependency name/version/supplier combo exactly matches an existing dependency name/version/supplier combo in our system.

  • NuGet: This was exactly matched to a dependency in the NuGet package manager from a Package URL (PURL) uploaded in your SBOM file.

  • NPM: This was exactly matched to a dependency in the NPM package manager from a Package URL (PURL) uploaded in your SBOM file.

  • NVD: This dependency/version/supplier combo had an exact match in the National Vulnerability Database (NVD).

  • PyPI: This was exactly matched to a dependency in the PyPI package manager from a Package URL (PURL) uploaded in your SBOM file.

  • System: Our system found an exact match via at least one of the above sources.

  • User: This was exactly matched by a user on this account to a possible match suggestion our system provided, or the user created an alias in this session. If the user created an alias in a previous session, that will be considered an automatic match, and will have a System token.
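Because CPE is described above as the strongest match and Name as the weakest, it can help to check before upload which identifiers each SBOM component actually carries. The following is an added example, not MedCrypt code and not the product's matching logic; it assumes a CycloneDX-style JSON SBOM (the `components`, `cpe` and `purl` fields), and the function names and sample data are constructed for illustration.

```python
import json

# PURL types of the four package managers the page lists as supported.
SUPPORTED_PURL_TYPES = {"pypi": "PyPI", "npm": "NPM", "nuget": "NuGet", "cargo": "Cargo"}

def purl_type(purl):
    """Return the lowercase type of a Package URL ("pkg:<type>/..."), or None."""
    if not isinstance(purl, str) or not purl.lower().startswith("pkg:"):
        return None
    ptype, sep, _ = purl[4:].lstrip("/").partition("/")
    return ptype.lower() if sep and ptype else None

def strongest_identifier(component):
    """Label the strongest identifier present: CPE, a supported package manager, or Name."""
    cpe = component.get("cpe") or ""
    if cpe.startswith(("cpe:2.3:", "cpe:/")):
        return "CPE"
    # A PURL for an unsupported ecosystem leaves only name/version/supplier to match on.
    return SUPPORTED_PURL_TYPES.get(purl_type(component.get("purl")), "Name")

def audit(sbom_json):
    """Map "name@version" to the strongest identifier each component carries."""
    sbom = json.loads(sbom_json)
    return {f'{c.get("name")}@{c.get("version")}': strongest_identifier(c)
            for c in sbom.get("components", [])}

# Constructed sample SBOM (CycloneDX-style JSON; not real inventory data).
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "components": [
    {"name": "openssl", "version": "1.1.1k",
     "cpe": "cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:*"},
    {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
    {"name": "serde", "version": "1.0.188", "purl": "pkg:cargo/serde@1.0.188"},
    {"name": "commons-lang3", "version": "3.12.0",
     "purl": "pkg:maven/org.apache.commons/commons-lang3@3.12.0"},
    {"name": "vendor-rtos", "version": "4.2"},
]})

if __name__ == "__main__":
    for dep, label in audit(SAMPLE_SBOM).items():
        print(f"{label:6} {dep}")
```

Components reported as `Name` are the ones worth enriching with a CPE or a supported PURL before upload.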

© Copyright MedCrypt 2023, All rights reserved.