---
title: "I submitted a spdx file via the Build API. Why aren't any or all dependencies loading in Ketryx?"
description: "Ketryx can scan SPDX files, reported to Ketryx via the Build API, to extract crucial information about software packages, including version, license, and advisory information (introduced in SPDX version 2.3), and checks direct and indirect (transitive) dependencies for vulnerabilities."
category: "Frequently Asked Questions"
section: "Supply Chain Management Software Dependencies"
keywords: ["spdx", "submitted", "loading", "file build", "build api", "dependencies", "defined version", "aren"]
source_url: "https://support.ketryx.com/hc/en-us/articles/33377788131981-I-submitted-a-spdx-file-via-the-Build-API-Why-aren-t-any-or-all-dependencies-loading-in-Ketryx"
last_reviewed: 2026-06-11
---

# I submitted a spdx file via the Build API. Why aren't any or all dependencies loading in Ketryx?

> **In short:** Ketryx can scan SPDX files, reported to Ketryx via the Build API, to extract crucial information about software packages, including version, license, and advisory information (introduced in SPDX version 2.3), and checks direct and indirect (transitive) dependencies for vulnerabilities.

Ketryx can scan SPDX files, reported to Ketryx via the Build API, to extract crucial information about software packages, including version, license, and advisory information (introduced in SPDX version 2.3), and checks direct and indirect (transitive) dependencies for vulnerabilities. Ketryx parses the SPDX file and creates dependencies as defined within these files. If you have submitted a file and are not seeing dependencies in the Ketryx SBOM and Vulnerability modules, it may be due to one of the following reasons:

**The version selected in the SBOM and Vulnerabilities module does not align with the commit**

Under build history there may or may not be a defined Version. If there is a defined version, you will only see dependencies in the SBOM and vulnerability modules if the defined Version is selected from the dropdown options.

**File format**

Ketryx supports SPDX files in JSON format, for the Version 2.2 and 2.3 of the SPDX specification. Parsing of dependencies in other formats is not currently supported. Such SPDX files in JSON format can be generated with a variety of tools ( [see documentation for tools to support spdx generation](https://docs.ketryx.com/manuals/man-03-supply-chain-management-software-dependencies/spdx#id-4.-supported-spdx-formats)).

**File does not include expected dependences**

If the file generated/ submitted does not include expected dependences, Ketryx will not parse them and populate the SBOM module. To validate the quality of your generated file, please review the latest build submission via the Ketryx History Module.

![Screenshot 2025-01-10 at 10.31.10 AM.png](https://support.ketryx.com/hc/article_attachments/33377799742477)

**An error submitting the file**

If you do not see the relevant file in the History module, there may have been an error with the commit. Please review our [Build API documentation.](https://docs.ketryx.com/api/build-api)

## Related articles

- [Can Ketryx scan for dependencies outside of the built-in dependency scanner languages?](can-ketryx-scan-for-dependencies-outside-of-the-built-in-dependency-scanner.md)
- [Can I use Ketryx for C# dependencies management if I have Snyk or FOSSA?](can-i-use-ketryx-for-c-dependencies-management-if-i-have-snyk-or-fossa.md)
- [Does Ketryx integrate with multiple vulnerability scanners beyond what is native in Ketryx?](does-ketryx-integrate-with-multiple-vulnerability-scanners-beyond-what-is.md)
- [Does Ketryx support C# dependency scanning?](does-ketryx-support-c-dependency-scanning.md)
- [How do I enable transitive dependencies for my SBOM?](how-do-i-enable-transitive-dependencies-for-my-sbom.md)
