How do I know when software has been successfully matched?
Match statuses
Matched
This status indicates that the component has an exact match with software listed in the National Vulnerability Database (NVD). This status confirms that the software has reported vulnerabilities, which are visible on the Vulnerabilities page for the respective product version. Components with a correct CPE or PURL identifier but incorrect supplier information are automatically corrected and matched by our system.
Select match
This status indicates that Helm found multiple potential matches using one or more match sources. Refer to Resolve match statuses to try to uniquely identify this component.
Matched to package manager
This status indicates that a dependency component is matched to a package manager but is not found in the NVD. Refer to Matched statuses and Resolve match statuses for more information.
Not found
For components that do not match any known software in the NVD or supported package managers, refer to Resolve match statuses to try to identify this component.
Create an alias to link to known software
You can use aliases to match any components in your SBOM that have multiple matches or are unmatched to known software components in the NVD. Administrators can create new aliases.
Other statuses
Scanning: This is an interim status that indicates that Helm is processing this match. If you have been waiting and haven't seen this update, try refreshing the page.
Fix version: The software version provided for this dependency component does not align with the expected version. If you see this, you will also see a warning icon next to the version. Refer to Resolve match statuses for more information on resolving this issue.
Contact us: Helm was unable to process this version. We have logged this issue and will try to rectify it quickly. Refer to Resolve match statuses for more information on resolving this issue.
Error: Some other error occurred while trying to process this component. This should be extremely rare. Contact us for help in resolving this issue.
Removing duplicates
Helm checks CPE and PURL IDs to determine if a dependency component is unique. If a duplicate is detected, it will automatically be removed, streamlining your SBOM management.
Last updated