# Understand match sources

## Overview

When Helm has completed matching or attempting to match all of the components in your SBOM, you will see a [Match status](https://helm.docs.medcrypt.com/match-components/understand-match-statuses) along with the sources that were used to match the component.&#x20;

### Understanding Workspace Context for Match Sources

When reviewing match sources and their reliability:

* **Organization-wide sources**: All match sources (NVD, CPE, package managers, aliases) are organization-wide resources
* **Match reliability**: Source strength and reliability apply consistently across all workspaces
* **Alias benefits**: Aliases created by admins in any workspace benefit component matching organization-wide
* **Workspace focus**: While sources are organization-wide, you only see components and their match sources for your current workspace

## Match source types

{% hint style="warning" %}
**IMPORTANT:** If you have a **Matched** status that does not have an **NVD** badge, this has not been matched in the NVD, which means that it either does not have vulnerabilities or has a different name in the NVD. Refer to [Resolve matched statuses](https://helm.docs.medcrypt.com/match-components/match-unmatched-components) for more information. You must identify an exact match in the NVD in order to see vulnerabilities for that component.
{% endhint %}

* **Alias:** This indicates that the component was matched by an [alias rule](https://helm.docs.medcrypt.com/match-components/create-and-manage-alias-rules-to-match-and-rematch-components-across-all-products). This could have been created by someone on your account or by the Helm team. This is considered a very strong match.
* **NVD:** This component/version/supplier combo had an exact match in the National Vulnerability Database (NVD).
* **Package managers:**
  * **Cargo:** This was exactly matched to a component in the Cargo package manager from a Package URL (PURL) uploaded in your SBOM file.
  * **NuGet:** This was exactly matched to a component in the NuGet package manager from a Package URL (PURL) uploaded in your SBOM file.
  * **NPM:** This was exactly matched to a component in the NPM package manager from a Package URL (PURL) uploaded in your SBOM file.
  * **PyPI**: This was exactly matched to a component in the PyPI package manager from a Package URL (PURL) uploaded in your SBOM file.
* **Other sources:**
  * **CPE:** This was exactly matched to a component from a CPE string uploaded in your SBOM file. CPE is considered the strongest match.
  * **Name:** This component name/version/supplier combo exactly matches an existing component name/version/supplier combo in our system.
  * **User:** This was exactly matched by a user on this account to a possible match suggestion our system provided. If the user created an alias rule while matching, it will be considered an Alias match.&#x20;