# Frequently Asked Questions

## Can I use an external vulnerability scanner and report those results to Ketryx?

## How can I clear my SBOM that I uploaded via the Build API?

## How can I update my SBOM that I already uploaded through the Ketryx Build API?

## How can I set up post-market vulnerability notifications for a specific release?

## Can I use Ketryx to document threat models in my system?

## Does Ketryx support C# dependency scanning?

## Why are there differences between the vulnerabilities shown in the SBOM module and on the Vulnerability page?

## Why are there fewer dependencies in the Ketryx SBOM module than parsed and shown on the build page?

## Do open source SBOM generation tools introduce risk?

## I submitted a spdx file via the Build API. Why aren't any or all dependencies loading in Ketryx?

## Can Ketryx scan for dependencies outside of the built-in dependency scanner languages?

## What languages does Ketryx built-in dependency scanning support?

## How frequently does Ketryx scan the repository?

## How is our connected source code repository processed by Ketryx?

## How can I use "Release ref pattern" for connected repositories in the Ketryx project settings?

## How can I use "Analyzed branch or tag" for connected repositories in the Ketryx project settings?

## Can I restrict which files from my repository are considered when Ketryx scans for dependencies?

## What is the difference between the release vulnerability report and the "on-demand" vulnerability report data grid option on the Vulnerabilities page?

## Can I use Ketryx for C# dependencies management if I have Snyk or FOSSA?

## How do I have each component of my medical device upload an SBOM independently? When using the GitHub action to upload an SBOM, why does a specific version override the content of what I had previously uploaded?

## If we utilize different scanners, does Ketryx take this into account so we know what we have mitigated and what we haven't?

## Does Ketryx integrate with multiple vulnerability scanners beyond what is native in Ketryx?

## How does Ketryx manage vulnerabilities as opposed to product and patient related risks?

## How do I enable transitive dependencies for my SBOM?

## Why don't cybersecurity risk management fields copy over across all projects that share a repository in the SBoM module? Do I have to copy over information from the other project or is there an easy way to move this data?

## Does Ketryx offer integration with Git but not with GitHub for managing requirements, specifications, and test cases? Should these be written as markdown files instead of GitHub issues?

## What package managers does Ketryx support and how does Ketryx utilize these package managers for its operations?

## What are "used dependencies"?

## How can I add a private repository?

## How can I use the SOUP dependency analysis feature?
