What are they?

When a SOOS SCA, SBOM, or Container scan is unable to locate information for a package, this is reported as an "Unknown Package" issue in your Issues list.

What does this mean?

Some potential explanations that SOOS is unable to locate the package information are:

  • This package version either no longer exists, is not referenced, or never existed.
  • This package is internal to your organization, in which case you should update your package mask under Configure > Packages. Here's more about using Package Masks.
  • We haven't learned about this package or package version yet, but we are trying to gather more information for future scans.

What can I do about it?

When an unknown package is reported for a scan SOOS will continue to attempt to locate the package.  If/when the package is found the details will update in your project the next scan.

If the package is unknown because it is an internal package, SOOS will not be able to locate it to provide details.  If this is the case, access the Configure page to create a package mask. Read about how to create a package mask and the other benefits of setting up package masks in our Using Package Masks article.

Note - be aware that SOOS cannot provide an assessment of the presence (or absence) of vulnerabilities and/or license identification for unknown packages.