Q: When I look at the statistics, I see a mismatch. It says on the one hand that 56 components show violations, while only 46 are explainable from the Vulnerabilities and Versioning statistics. How can this happen?
A: There are more aspects to the overall component status than only legal, vulnerabilities and vulnerabilities that influence the overall component status. Not all of them are shown in the overview, which may lead to such irritations.
In the sample given above, you have 170 components in your module. The 169 in the vulnerabilities indicates, that there is one vulnerability. If you hover the right corner, you will see the "1", which is squeezed to the right end of the vulnerabilities bar.
Together with the 45 versioning issues that appear, this sums up to 46. The remaining delta could either be due to manual violation assignments or viability violations.
To verify this, use the filtering at the top of the components list. Select the heart for viability and deselect green and yellow. The list should show the missing violations.
This example shows 12. The delta would have been expected to be 10. But the vulnerability in this case has not been a violation but just a warning. Thus it is yellow and does not count into the red, leaving the delta at 11.
In addition one versioning violation has been manually muted. Thus, it still counts into versioning violation but will not appear in the component status as violation. This leaves room for the 12th viability violation.
So you you may rely on the figures. But sometimes it requires a bit of research to understand, why they sum up how they do. We hope this example provides a bit of clarification on this complex counting topic.