# Understand match statuses

{% hint style="warning" %}
**IMPORTANT:** If you have a **Matched** status that does not have an **NVD** badge, this has not been matched in the NVD, which means that it either does not have vulnerabilities or has a different name in the NVD. Refer to [Resolve matched statuses](https://helm.docs.medcrypt.com/match-components/match-unmatched-components) for more information. You must identify an exact match in the NVD in order to see vulnerabilities for that component.
{% endhint %}

## Overview

The match status of each of your components is indicated in the **Match status** column of the components table. You can click directly on this status badge itself to begin the resolution process, or you can select an action from the **Actions** column. We use a variety of metadata and [match sources](https://helm.docs.medcrypt.com/match-components/understand-match-sources) to identify a match, including the NVD, CPE, alias, name, and supported package managers (Cargo, NPM, NuGet, PyPI).

### **Understanding workspace context for component matching**

* **Component scope**: All match statuses and resolution work applies to components in your current workspace
* **Match sources**: Matching draws from organization-wide sources (NVD, package managers, aliases)
* **Alias benefits**: Aliases created by admins benefit all workspaces organization-wide
* **Workspace isolation**: Component matching work in one workspace doesn't affect other workspaces' components

## **Matched to NVD status**

This status means the component has an exact match with software listed in the National Vulnerability Database (NVD). This means there was an exact match for your component in the NVD, and that it has associated vulnerabilities, so you can start [prioritizing and remediating](https://helm.docs.medcrypt.com/manage-vulnerabilities/manage-vulnerabilities) these risks.

## **Matched to package manager**

This status shows that a component is matched to a package manager but is not found in the NVD, thus it will not show any vulnerabilities. Note that sometimes package managers might use different names or PURLs than the NVD, so you should check the NVD to make sure your component isn’t listed under a different name. Refer to [Match or rematch components](https://helm.docs.medcrypt.com/match-components/match-unmatched-components) for more information.

If matched to a package manager Package URL (PURL), it will have a badge of the package manager, such as Cargo, PyPI, NPM, or NuGet.&#x20;

## **Matched to alias**

The **Matched** status with an **ALIAS** badge indicates that a component was matched according to an [alias rule](https://helm.docs.medcrypt.com/match-components/create-and-manage-alias-rules-to-match-and-rematch-components-across-all-products). Refer to [Match or rematch components](https://helm.docs.medcrypt.com/match-components/match-unmatched-components) for more information.

### **Other successful matches:**

* **Matched to CPE:** If you see a component that has a **Matched** status with an **NVD** badge and **CPE** badge, that means that there this component has at least one vulnerability that has been reported in the NVD. A CPE is only assigned to software when a vulnerability has been reported in the NVD. Refer to [Match or rematch components](https://helm.docs.medcrypt.com/match-components/match-unmatched-components) for more information. CPE is considered the strongest match.
* **Matched to name:** The Matched status with a NAME badge indicates that the component name/version/supplier combo exactly matches a known component name/version/supplier combo.
* **Matched by user:** The **Matched** status with a **USER** badge indicates that this was manually matched by a user on this account. If the user created an alias rule while matching, it will be considered an **Alias** match.&#x20;

### **Select match**&#x20;

This status indicates that Helm has found multiple potential matches using identifiers like CPE, PURL, alias, or name. You can click the badge or the primary action link to review and assess the suggested matches. Refer to [Resolve match statuses](https://helm.docs.medcrypt.com/match-unmatched-components#resolve-select-match-or-not-found-status) for more information.

### **Not found**

The Not found status will show which sources were searched. This indicates that the component does that match any known software in the NVD or supported package managers. Refer to [Resolve match statuses](https://helm.docs.medcrypt.com/match-unmatched-components#resolve-select-match-or-not-found-status) for more information.

### **Create an alias rule to automatically link to known software**

Administrators can create [alias rules](https://helm.docs.medcrypt.com/match-components/create-and-manage-alias-rules-to-match-and-rematch-components-across-all-products) to match any components in your SBOM that have multiple matches or are unmatched to known software components in the NVD.&#x20;

### **Other statuses**

* **Scanning:** This is an interim status that indicates that Helm is processing this match. If you have been waiting and haven't seen this update, try refreshing the page.
* [**Fix version:**](https://helm.docs.medcrypt.com/match-unmatched-components#resolve-fix-version-status) The software version provided for this component does not match the expected version. This issue should be rare. If you see this, you will also see a warning icon next to the version. Refer to [Resolve match statuses](https://helm.docs.medcrypt.com/match-components/match-unmatched-components) for more information on resolving this issue.&#x20;
* [**Contact us:**](https://helm.docs.medcrypt.com/match-unmatched-components#resolve-fix-version-status) Helm was unable to parse this version. We have logged this issue and will work to resolve it quickly. Refer to [Resolve match statuses](https://helm.docs.medcrypt.com/match-components/match-unmatched-components) for more information on resolving this issue.&#x20;
* **Error:** Some other error occurred while trying to parse this component. [Contact us](mailto:support@medcrypt.com) for help in resolving this issue.

### **Automatic enrichment**

If the component has a correct CPE or PURL identifier but incorrect supplier information, our system will add an Enriched CPE or Enriched PURL field, to preserve your original data. If we're able to identify a CPE or PURL for your component that is missing in your SBOM, we'll automatically add that to these fields for you to ensure a unique match.&#x20;

### **Automatic de-duplication**

Helm checks CPE and PURL IDs to determine if a component is unique. If a duplicate is detected, it will automatically be removed to streamline your SBOM management.