Resolve a Not found status

The main action for an SBOM is to resolve a Match status of Multiple matches or Not found. Not found means that your software dependency/version/supplier combination has not been automatically matched to an existing software dependency/version/supplier combination in the NVD.

To resolve this, we suggest possible weaker matches based on fuzzy matching. You can also create an alias for this dependency or add review notes to show progress:

  1. Click Resolve in the Actions column. This will display the Resolution options modal.

  2. Check the possible matches to see if one meets your requirements. If not, you can click Back to create an alias.

  3. A Not found status can occur when software has a different name in the NVD from the one in your SBOM. Check the NVD for a good match to your software dependency/version/supplier combination. If you find one, you can create an alias that links this new match to your existing software dependency going forward. The next time you or anyone on your account uploads an SBOM that contains this software dependency/version/supplier combination, it will automatically be linked using this alias.

  4. You can also add a review note to let others on your team know that it is not in the NVD. You can do this from the Resolution options modal or from the Actions column > … > Add review note in the SBOM dependency component table. This will ensure that your team is informed of the progress in assessing this issue, let someone else know that they need to look into it further, or highlight an especially critical risk with this software dependency.
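The resolution flow above (exact match, then account alias, then weaker fuzzy suggestions) can be sketched as follows. This is an added illustration, not the product's own code: the `NVD` set is constructed sample data, and the scoring method, the 0.5 threshold, the "Matched" label and the function names are assumptions.

```python
from difflib import SequenceMatcher

# Constructed stand-in for NVD entries: (dependency, version, supplier).
NVD = {
    ("openssl", "1.1.1k", "openssl"),
    ("curl", "7.79.1", "haxx"),
    ("sqlite", "3.36.0", "sqlite"),
}


def _norm(combo):
    """Case- and whitespace-insensitive form of a combination."""
    return tuple(part.strip().lower() for part in combo)


def _score(a, b):
    """Mean per-field similarity (assumed scoring, for illustration only)."""
    return sum(SequenceMatcher(None, x, y).ratio() for x, y in zip(a, b)) / 3


def resolve(combo, aliases, threshold=0.5):
    """Return (status, entries) for one SBOM dependency/version/supplier combination."""
    key = _norm(combo)
    if key in NVD:                       # automatic exact match
        return "Matched", [key]
    if key in aliases:                   # alias saved earlier on this account
        return "Matched", [aliases[key]]
    # No match: offer weaker candidates for a reviewer to accept or reject.
    scored = [(_score(key, entry), entry) for entry in NVD]
    candidates = [e for s, e in sorted(scored, reverse=True) if s >= threshold]
    return "Not found", candidates


def create_alias(aliases, combo, nvd_entry):
    """Link an SBOM combination to an existing entry for all future uploads."""
    if nvd_entry not in NVD:
        raise ValueError("alias target must be an existing NVD entry")
    aliases[_norm(combo)] = nvd_entry


if __name__ == "__main__":
    aliases = {}
    sbom_item = ("libcurl", "7.79.1", "curl project")   # constructed SBOM row
    status, suggestions = resolve(sbom_item, aliases)
    print(status, suggestions)            # Not found, with one weaker candidate
    create_alias(aliases, sbom_item, suggestions[0])    # reviewer confirms it
    print(resolve(sbom_item, aliases))    # later uploads now match via the alias
```

A fuzzy candidate is only a suggestion: a wrong alias would attach another product's vulnerabilities to the dependency, or hide its real ones, on every later upload, so confirm the entry in the NVD before creating it.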

© Copyright MedCrypt 2023, All rights reserved.