The primary reason the vulnerabilities shown in the SBOM module can differ from those on the Vulnerabilities page is that the parsed file contains transitive dependencies. By default, the build page displays a flat list of all dependencies, while the SBOM page shows only a list of top-level dependencies. The Vulnerabilities page displays vulnerabilities for all dependencies, both top-level and transitive. For more on vulnerability management, please see our documentation.
If you want transitive dependencies to appear on the SBOM page, you can enable the 'create-transitive dependency items' advanced setting. Note: enabling this setting may lead to a significant number of dependencies in the SBOM module.
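The following is an added example, not code from the product described here. It shows how a vulnerability in a transitive dependency drops out of a top-level-only view while still appearing in a view that covers all dependencies. It assumes the parsed file is CycloneDX JSON (the article does not name a format); the component names and vulnerability ids are constructed.

```python
import json

# Constructed CycloneDX-style SBOM (sample data; the format is an assumption).
SBOM = json.loads("""{
  "metadata": {"component": {"bom-ref": "app"}},
  "components": [
    {"bom-ref": "web-fw@2.1", "name": "web-fw", "version": "2.1"},
    {"bom-ref": "tmpl@1.0", "name": "tmpl", "version": "1.0"},
    {"bom-ref": "yaml-lib@0.9", "name": "yaml-lib", "version": "0.9"},
    {"bom-ref": "log-lib@3.3", "name": "log-lib", "version": "3.3"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["web-fw@2.1", "log-lib@3.3"]},
    {"ref": "web-fw@2.1", "dependsOn": ["tmpl@1.0", "yaml-lib@0.9"]},
    {"ref": "tmpl@1.0", "dependsOn": ["yaml-lib@0.9"]}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "affects": [{"ref": "log-lib@3.3"}]},
    {"id": "EXAMPLE-0002", "affects": [{"ref": "yaml-lib@0.9"}]}
  ]
}""")

def classify(sbom):
    """Split component refs into (top_level, transitive) sets."""
    root = sbom["metadata"]["component"]["bom-ref"]
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    top = set(graph.get(root, []))  # direct children of the root component
    seen, stack = set(), list(top)
    while stack:  # iterative walk; 'seen' guards against dependency cycles
        ref = stack.pop()
        if ref not in seen:
            seen.add(ref)
            stack.extend(graph.get(ref, []))
    return top, seen - top

def vulns_by_view(sbom):
    """Return (ids visible in a top-level-only view, ids only in transitive deps)."""
    top, transitive = classify(sbom)
    visible, hidden = set(), set()
    for v in sbom.get("vulnerabilities", []):
        refs = {a["ref"] for a in v.get("affects", [])}
        if refs & top:
            visible.add(v["id"])
        elif refs & transitive:
            hidden.add(v["id"])
    return sorted(visible), sorted(hidden)

if __name__ == "__main__":
    print(classify(SBOM), vulns_by_view(SBOM))
```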