
question: "No Known Vulnerability" count in report summary #4667

Open
jni2000 opened this issue Jan 2, 2025 · 1 comment

Comments

@jni2000

jni2000 commented Jan 2, 2025

First of all, I apologize for posting this question here if this is not the right place. I did not see any other place to ask questions. My question is about the three counts in the summary of a scan report, "Total Scanned Files", "Vulnerable Files" and "No Known Vulnerability". Should "Total Scanned Files" = "Vulnerable Files" + "No Known Vulnerability"? If not, what does the "No Known Vulnerability" count mean?

I did read the source code, and the counts shown in this summary seem to mean "products", not "files". If so, the "Vulnerable Files" count shown in the upper right corner of the summary pie chart and what is shown in the pie chart itself is a bit confusing: file counts and product counts are mixed in the pie chart.

Otherwise, if the equation is correct, I will report an issue. In my scan report:

"Total Scanned Files" = 19805,
"Vulnerable Files" = 10,
"No Known Vulnerability" = 19 (is this presented as ~19K?)

How shall I interpret the above counts?

Thanks a lot.

jni2000 changed the title from "Question: "No Known Vulnerability" count in report summary" to "question: "No Known Vulnerability" count in report summary" on Jan 2, 2025
@terriko
Contributor

terriko commented Jan 2, 2025

This is the right place!

"No known vulnerability" means "we identified a specific component, but the version we found does not have any vulnerabilities".

So it's stronger than "we scanned a file and didn't find anything" and gives you an idea of how many components were identified in the scan. (19 non-vulnerable + 10 vulnerable ones, although since the 10 is files it's possible that some of those are duplicates)

I wonder if there's a concise but more clear way to say that? Maybe "Identified components with no known vulnerability"
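As an added illustration of the distinction terriko describes (this is not cve-bin-tool's own code; the record layout, file paths, product names and CVE counts below are constructed), the following computes the three summary numbers from a set of scan results and shows why a file count and a component count do not add up to the total:

```python
"""Relationship between the three summary counts in a cve-bin-tool style report.
Added example, not cve-bin-tool's own code; record layout and data are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    """One identified component inside one scanned file (constructed layout)."""
    path: str
    product: str
    version: str
    cves: int  # number of known CVEs for this product/version (constructed)


def summarize(scanned_paths, detections):
    """Return (total_files, vulnerable_files, no_known_vulnerability).

    - total_files: every file the scanner looked at, identified or not.
    - vulnerable_files: distinct *files* holding a component with known CVEs,
      so two files shipping the same vulnerable library count twice.
    - no_known_vulnerability: distinct *components* (product, version) that
      were identified but have zero known CVEs, so one clean library found
      in three files counts once. Different units, so the sum need not match.
    """
    total_files = len(set(scanned_paths))
    vulnerable_files = len({d.path for d in detections if d.cves > 0})
    clean_components = {(d.product, d.version) for d in detections if d.cves == 0}
    return total_files, vulnerable_files, len(clean_components)


# Constructed sample: 100 files, most with no identifiable component, one
# clean component present in three files, one vulnerable component in two.
SCANNED = [f"/opt/app/asset{i}.bin" for i in range(100)]
DETECTIONS = [
    Detection("/opt/app/asset0.bin", "libalpha", "1.2.0", 0),
    Detection("/opt/app/asset1.bin", "libalpha", "1.2.0", 0),
    Detection("/opt/app/asset2.bin", "libalpha", "1.2.0", 0),
    Detection("/opt/app/asset3.bin", "libbeta", "4.0.1", 0),
    Detection("/opt/app/asset4.bin", "libgamma", "0.9.8", 3),
    Detection("/opt/app/asset5.bin", "libgamma", "0.9.8", 3),
]

if __name__ == "__main__":
    total, vuln, clean = summarize(SCANNED, DETECTIONS)
    print(f"Total Scanned Files: {total}")       # 100
    print(f"Vulnerable Files: {vuln}")           # 2 (files, libgamma counted twice)
    print(f"No Known Vulnerability: {clean}")    # 2 (components, libalpha counted once)
    print("total == vuln + clean ?", total == vuln + clean)  # False
```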
