Comment on page
Create an alias for a dependency component
When assessing Multiple matches, Not found, and Matched with NOT IN NVD token statuses, users with an Administrator role can create an alias for a dependency component in your SBOM to a particular software that exists in the NVD. If you're not an Administrator, but have identified a likely match, contact one of your Administrators to have the alias created for you.
To create an alias:
- 1.In the Actions column, click Resolve. This will display the Resolution options modal.
- 2.Click the Create alias button. This will display the Create alias modal.
- 3.The scope is defaulted to Organization, which means that this alias you create for this dependency component will be linked in the future any time anyone else in your company uploads an SBOM that contains this dependency component. There isn’t another option for this currently.
- 4.Enter the Dependency name that you’re creating the alias link for, then click Next. You’ll then be prompted to enter the dependency name.
- 5.Enter all or part of your dependency name. Select the supplier/dependency combo that best matches your dependency, then click Create. You’ll be prompted to confirm this alias.
- 6.When you’re ready to confirm the alias, click Confirm. This will change any Not found or Multiple matches status to Matched with an Alias matching token. Going forward, whenever you or anyone else in your organization uploads this dependency component in an SBOM, this alias will be applied.
IMPORTANT: Aliases are not applied retroactively to SBOM dependency components that have already been uploaded, only to those created or uploaded in the future.
- Administrator: Users with an Administrator role can view and edit all products, as well as create aliases and use existing aliases to link software in their SBOMs to known software in the NVD.
- User with edit permissions for a product: Users who have edit permissions for a particular product, but are not Administrators, will be able to view and use existing aliases for that product to link software in their SBOM to known software in the NVD, but will not be able to create aliases unless they have an Administrator role.
- User with read-only permissions for a product: These users will be able to view aliases for that product, but will not be able to use these aliases to link software.