---
title: "What are \"used dependencies\"?"
description: "Used Dependencies are for managing Software of Unknown Provenance (SOUP) in the Ketryx Dependencies Module."
category: "Frequently Asked Questions"
section: "Supply Chain Management Software Dependencies"
keywords: ["dependencies dependencies", "soup", "manufacturer", "software", "sbom", "dependency", "configuration additionally", "unknown"]
source_url: "https://support.ketryx.com/hc/en-us/articles/21759819175565-What-are-used-dependencies"
last_reviewed: 2026-06-11
---

# What are "used dependencies"?

> **In short:** Used Dependencies are for managing Software of Unknown Provenance (SOUP) in the Ketryx Dependencies Module.

Used Dependencies are for managing Software of Unknown Provenance  (SOUP) in the Ketryx Dependencies Module. IEC 62304 Section 8.1.2 states

_“For each SOUP Configuration Item being used, including standard libraries, the manufacturer shall document:_

1. _The title_
2. _The manufacturer, and_
3. _The unique soup designator..._

_Of each Soup Configuration item being used."_

Additionally, the FDA has released cybersecurity best practices & SBOM guidance for medical devices.

The “used dependencies" field in Jira allows you to trace identified software items to dependencies used in your code. If a dependency shows an unacceptable vulnerability, this field may assist with identifying which software item specifications are affected by the dependency during your dependencies review process.

See [this article](https://www.ketryx.com/blog/fda-drops-an-sbom) for more information concerning cyber security and SBOM compliance.

## Related articles

- [Can I link git-based Software Items Specifications to dependencies, in Git?](can-i-link-git-based-software-items-specifications-to-dependencies-in-git.md)
- [Why don't cybersecurity risk management fields copy over across all projects that share a repository in the SBoM module? Do I have to copy over information from the other project or is there an easy way to move this data?](why-don-t-cybersecurity-risk-management-fields-copy-over-across-all-projects.md)
- [What is a configuration item?](what-is-a-configuration-item.md)
- [Can I use Ketryx for C# dependencies management if I have Snyk or FOSSA?](can-i-use-ketryx-for-c-dependencies-management-if-i-have-snyk-or-fossa.md)
- [Why are there differences between the vulnerabilities shown in the SBOM module and on the Vulnerability page?](why-are-there-differences-between-the-vulnerabilities-shown-in-the-sbom-module.md)
