Manage dependency component

You can view details about a dependency component, including its licenses, how it was matched, and any review information. On the Software Bill of Materials (Products) page, select Actions ... > Manage dependency component to modify dependency component details.

Product details

  • Product name: This is your product name.

  • Product version: This is your product version.

Dependency component details

  • Name: This is what may be referred to as a component in other systems. It is the firmware, software, framework, library, file, or operating system that is installed on the physical representations of your device (e.g., Windows, OpenSSL).

  • Version: This is the version for this dependency component name (e.g., 10.1 for Windows).

  • Supplier: This is the organization that supplied the dependency component. The supplier may often be the manufacturer, but may also be a distributor or repackager (e.g., Microsoft for Windows).

  • Original CPE: This is the original CPE assigned to this component in your SBOM file. Example format: cpe:2.3:part:vendor:product:version:update:edition:language:sw_edition:target_sw:target_hw:other

  • Enriched CPE: This is the PURL that was added or enriched from the respective package manager during the component matching process. This will only display if populated. You cannot edit this.

  • Original PURL: This is the original PURL assigned to this component in your SBOM file. Example format: scheme:type/namespace/name@version?qualifiers#subpath

  • Enriched PURL: This is the CPE that was added or enriched by our AI copilot during the component matching process. This will only display if populated. You cannot edit this.
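
To check before upload that a component's CPE and PURL follow the two formats above and agree with its name and version, a parser can be run over the SBOM entries. The sketch below is an added example, not Helm's matching logic; the function names and the sample components are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

CPE_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")

def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into its 11 named attributes."""
    parts = re.split(r"(?<!\\):", cpe)  # a colon escaped as "\:" is data
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    if parts[2] not in ("a", "o", "h", "*", "-"):
        raise ValueError(f"invalid CPE part: {parts[2]!r}")
    # Drop the backslash quoting so values compare against plain SBOM fields.
    return {k: re.sub(r"\\(.)", r"\1", v) for k, v in zip(CPE_FIELDS, parts[2:])}

def parse_purl(purl):
    """Split scheme:type/namespace/name@version?qualifiers#subpath."""
    rest, _, subpath = purl.partition("#")
    rest, _, quals = rest.partition("?")
    scheme, _, rest = rest.partition(":")
    if scheme != "pkg":
        raise ValueError(f"not a package URL: {purl!r}")
    ptype, _, rest = rest.lstrip("/").partition("/")
    path, at, version = rest.rpartition("@")
    if not at:                          # the version part is optional
        path, version = rest, ""
    namespace, _, name = path.rpartition("/")
    if not ptype or not name:
        raise ValueError(f"PURL needs a type and a name: {purl!r}")
    return {"type": ptype.lower(), "namespace": unquote(namespace),
            "name": unquote(name), "version": unquote(version),
            "qualifiers": dict(q.split("=", 1) for q in quals.split("&") if "=" in q),
            "subpath": subpath}

def identifier_mismatches(component):
    """Return the fields where CPE, PURL and the name/version entry disagree."""
    cpe, purl = parse_cpe23(component["cpe"]), parse_purl(component["purl"])
    found = []
    if len({component["name"].lower(), cpe["product"].lower(), purl["name"].lower()}) > 1:
        found.append("name")
    if len({component["version"], cpe["version"], purl["version"]}) > 1:
        found.append("version")
    return found

# Constructed sample components (not taken from a real SBOM).
GOOD = {"name": "OpenSSL", "version": "3.0.8", "purl": "pkg:generic/openssl@3.0.8",
        "cpe": "cpe:2.3:a:openssl:openssl:3.0.8:*:*:*:*:*:*:*"}
STALE = dict(GOOD, purl="pkg:generic/openssl@3.0.7")
```

A component that reports a mismatch is a candidate for manual review, since its identifiers point at different software or versions.
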

Match details

This is how Helm matched or attempted to match your dependency component.

  • Match status: This shows the current match status, as well as what sources were matched on.

  • Matched by:

    • System: Helm automatically matched this dependency component based on an exact match in the NVD, which could be from a CPE, PURL package manager, name/version/supplier, or alias.

    • User name: This user manually matched this dependency component to a suggested match or created a new alias to link it to known software.

Review details

This shows the last review added for this dependency component. You can also add your own review or view all review information.

  • Review status: Shows whether the dependency component has been reviewed or needs to be reviewed. You can click this badge to set a new status.

  • Last reviewed: Shows who last reviewed this dependency component and when.

  • Last review: This is the last review note made on this dependency component to inform the team of progress, final status, or critical risk.

​​

© Copyright MedCrypt 2024, All rights reserved.