Why are there differences between the vulnerabilities shown in the SBOM module and on the Vulnerability page?

Laura Easton

When the vulnerabilities shown in the SBOM module differ from those on the Vulnerability page, the primary reason is that the parsed file contains transitive dependencies. By default, the build page displays a flat list of all dependencies, while the SBOM page shows only a list of top-level dependencies. The Vulnerabilities page displays vulnerabilities for all dependencies, both top-level and transitive. For more on vulnerability management, please see our documentation.

If you want transitive dependencies to appear on the SBOM page, you can enable the 'create-transitive dependency items' advanced setting. Note: enabling this setting may lead to a significant number of dependencies in the SBOM module.
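To check which findings sit on components that a top-level-only list would not show, and which top-level dependency pulls each one in, the following added example (not the product's own code) walks the dependency graph of a parsed file. It assumes a CycloneDX-style JSON layout; the component names and vulnerability ids are constructed.

```python
import json
from collections import deque

# Constructed CycloneDX-style fragment (assumed input format, not real project output).
SBOM = json.loads("""
{
  "metadata": {"component": {"bom-ref": "app"}},
  "dependencies": [
    {"ref": "app",       "dependsOn": ["web-fw", "json-lib"]},
    {"ref": "web-fw",    "dependsOn": ["http-core", "json-lib"]},
    {"ref": "http-core", "dependsOn": ["tls-shim"]},
    {"ref": "json-lib",  "dependsOn": []},
    {"ref": "tls-shim",  "dependsOn": []}
  ],
  "vulnerabilities": [
    {"id": "VULN-EXAMPLE-1", "affects": [{"ref": "tls-shim"}]},
    {"id": "VULN-EXAMPLE-2", "affects": [{"ref": "json-lib"}]}
  ]
}
""")

def split_views(sbom):
    """Return (top_level, flat, introduced_by) for the SBOM's dependency graph."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom["dependencies"]}
    root = sbom["metadata"]["component"]["bom-ref"]
    top_level = list(graph.get(root, []))
    introduced_by = {}            # component -> top-level deps that pull it in
    for top in top_level:
        queue, seen = deque([top]), set()
        while queue:              # breadth-first walk; `seen` guards against cycles
            ref = queue.popleft()
            if ref in seen:
                continue
            seen.add(ref)
            introduced_by.setdefault(ref, set()).add(top)
            queue.extend(graph.get(ref, []))
    return top_level, sorted(introduced_by), introduced_by

def hidden_findings(sbom):
    """Findings whose affected component is absent from the top-level-only list."""
    top_level, _, introduced_by = split_views(sbom)
    out = []
    for vuln in sbom.get("vulnerabilities", []):
        for target in vuln["affects"]:
            ref = target["ref"]
            if ref not in top_level:
                out.append((vuln["id"], ref, sorted(introduced_by.get(ref, []))))
    return out
```

Each returned tuple names the finding, the transitive component it affects, and the top-level dependencies to upgrade or replace in order to remove it.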

 

 
