security

CPE

Common Platform Enumeration

Definition

CPE is a standardized naming scheme for IT systems, platforms, and packages maintained by NIST. CPE names uniquely identify software products (e.g., cpe:2.3:a:apache:log4j:2.14.1) so that vulnerability databases can precisely describe which versions are affected.

SCA tools use CPE matching to correlate SBOM components against NVD vulnerability records.

Related Terms

NVD

National Vulnerability Database

CVE

Common Vulnerabilities and Exposures

SBOM

Software Bill of Materials

← Back to Glossary

Ship secure code faster

Crash Override integrates security into the developer workflow. No context switching, no waiting on reviews.

Talk to a Human See the Product