Supply Chain Management: Software Dependencies – Ketryx

Frequently Asked Questions

Can I use an external vulnerability scanner and report those results to Ketryx?

How can I clear my SBOM that I uploaded via the Build API?

How can I update my SBOM that I already uploaded through the Ketryx Build API?

How can I set up post-market vulnerability notifications for a specific release?

Can I use Ketryx to document threat models in my system?

Does Ketryx support C# dependency scanning?

Why are there differences between the vulnerabilities shown in the SBOM module and on the Vulnerability page?

Why are there fewer dependencies in the Ketryx SBOM module than parsed and shown on the build page?

Do open source SBOM generation tools introduce risk?

I submitted a spdx file via the Build API. Why aren't any or all dependencies loading in Ketryx?

Can Ketryx scan for dependencies outside of the built-in dependency scanner languages?

What languages does Ketryx built-in dependency scanning support?

How frequently does Ketryx scan the repository?

How is our connected source code repository processed by Ketryx?

How can I use "Release ref pattern" for connected repositories in the Ketryx project settings?

How can I use "Analyzed branch or tag" for connected repositories in the Ketryx project settings?

Can I restrict which files from my repository are considered when Ketryx scans for dependencies?

What is the difference between the release vulnerability report and the "on-demand" vulnerability report data grid option on the Vulnerabilities page?

Can I use Ketryx for C# dependencies management if I have Snyk or FOSSA?

How do I have each component of my medical device upload an SBOM independently? When using the GitHub action to upload an SBOM, why does a specific version override the content of what I had previously uploaded?

If we utilize different scanners, does Ketryx take this into account so we know what we have mitigated and what we haven't?

Does Ketryx integrate with multiple vulnerability scanners beyond what is native in Ketryx?

How does Ketryx manage vulnerabilities as opposed to product and patient related risks?

How do I enable transitive dependencies for my SBOM?

Why don't cybersecurity risk management fields copy over across all projects that share a repository in the SBoM module? Do I have to copy over information from the other project or is there an easy way to move this data?

Does Ketryx offer integration with Git but not with GitHub for managing requirements, specifications, and test cases? Should these be written as markdown files instead of GitHub issues?

What package managers does Ketryx support and how does Ketryx utilize these package managers for its operations?

What are "used dependencies"?

How can I add a private repository?

How can I use the SOUP dependency analysis feature?