---
title: "How does Ketryx manage vulnerabilities as opposed to product and patient related risks?"
description: "Ketryx automatically detects vulnerabilities in your repositories and presents them on the Vulnerabilities page within the SBOM module. The process to manage these vulnerability records is described here."
category: "Frequently Asked Questions"
section: "Supply Chain Management Software Dependencies"
keywords: ["manage vulnerabilities", "opposed", "patient", "risks", "related", "cybersecurity", "product", "risk"]
source_url: "https://support.ketryx.com/hc/en-us/articles/26344769795853-How-does-Ketryx-manage-vulnerabilities-as-opposed-to-product-and-patient-related-risks"
last_reviewed: 2026-06-11
---

# How does Ketryx manage vulnerabilities as opposed to product and patient related risks?

> **In short:** Ketryx automatically detects vulnerabilities in your repositories and presents them on the Vulnerabilities page within the SBOM module. The process to manage these vulnerability records is described here.

Ketryx automatically detects vulnerabilities in your repositories and presents them on the Vulnerabilities page within the SBOM module. The process to manage these vulnerability records is described [here](https://docs.ketryx.com/manuals/man-03-supply-chain-management-software-dependencies/vulnerability-management).

You are able to connect dependencies and vulnerabilities to items in the ALM, such as Requirements, Software Items, Risks and Tests to align your cybersecurity risk management with the other processes in the SDLC.

The Ketryx Platform presents a default risk framework that uses the same default risk assessment methodology for all risks. However, the organization owner may [configure](https://docs.ketryx.com/reference/advanced-settings#risk-configuration) risk fields and matrices differently based on the Risk type (i.e. cybersecurity)

## Related articles

- [Why don't cybersecurity risk management fields copy over across all projects that share a repository in the SBoM module? Do I have to copy over information from the other project or is there an easy way to move this data?](why-don-t-cybersecurity-risk-management-fields-copy-over-across-all-projects.md)
- [Can I use an external vulnerability scanner and report those results to Ketryx?](can-i-use-an-external-vulnerability-scanner-and-report-those-results-to-ketryx.md)
- [How do I configure Ketryx so that risks are automatically associated and prompt mitigation or reassessment when a requirement or test is updated?](how-do-i-configure-ketryx-so-that-risks-are-automatically-associated-and-prompt.md)
- [Why are there differences between the vulnerabilities shown in the SBOM module and on the Vulnerability page?](why-are-there-differences-between-the-vulnerabilities-shown-in-the-sbom-module.md)
- [How can we customize the dropdown options for probabilities and severities in the Ketryx risk management module to match our risk assessment criteria?](how-can-we-customize-the-dropdown-options-for-probabilities-and-severities-in.md)
