Understand match sources

When Helm has completed matching or attempting to match all of the components in your SBOM, you will see a m along with the sources that were used to match the component.

Alias: This indicates that the component was matched by an . This could have been created by someone on your account or by the Helm team. This is considered a very strong match.
Cargo: This was exactly matched to a component in the Cargo package manager from a Package URL (PURL) uploaded in your SBOM file.
CPE: This was exactly matched to a component from a CPE string uploaded in your SBOM file. CPE is considered the strongest match.
Name: This component name/version/supplier combo exactly matches an existing component name/version/supplier combo in our system.
NuGet: This was exactly matched to a component in the NuGet package manager from a Package URL (PURL) uploaded in your SBOM file.
NPM: This was exactly matched to a component in the NPM package manager from a Package URL (PURL) uploaded in your SBOM file.
NVD: This component/version/supplier combo had an exact match in the National Vulnerability Database (NVD).
PyPI: This was exactly matched to a component in the PyPI package manager from a Package URL (PURL) uploaded in your SBOM file.
User: This was exactly matched by a user on this account to a possible match suggestion our system provided. If the user created an alias rule while matching, it will be considered an Alias match.

PreviousUnderstand match statuses NextCreate and manage alias rules to match and rematch components across all products

Last updated 3 months ago

Was this helpful?