How do I know when software has been successfully matched?
Last updated
Was this helpful?
Last updated
Was this helpful?
This status indicates that the component has an exact match with software listed in the National Vulnerability Database (NVD). This status confirms that the software has reported vulnerabilities, which are visible on the page for the respective product version. Components with a correct CPE or PURL identifier but incorrect supplier information are automatically corrected and matched by our system.
This status indicates that Helm found multiple potential matches using one or more . Refer to to try to uniquely identify this component.
This status indicates that a dependency component is matched to a package manager but is not found in the NVD. Refer to and for more information.
For components that do not match any known software in the NVD or supported package managers, refer to to try to identify this component.
You can use to match any components in your SBOM that have multiple matches or are unmatched to known software components in the NVD. Administrators can create new aliases.
Scanning: This is an interim status that indicates that Helm is processing this match. If you have been waiting and haven't seen this update, try refreshing the page.
Helm checks CPE and PURL IDs to determine if a dependency component is unique. If a duplicate is detected, it will automatically be removed, streamlining your SBOM management.
Fix version: The software version provided for this dependency component does not align with the expected version. If you see this, you will also see a warning icon next to the version. Refer to for more information on resolving this issue.
Contact us: Helm was unable to process this version. We have logged this issue and will try to rectify it quickly. Refer to for more information on resolving this issue.
Error: Some other error occurred while trying to process this component. This should be extremely rare. for help in resolving this issue.