# Why Does Aikido Not Find a Specific Vulnerability or CVE Inside a Dependency In some cases Aikido will show less vulnerabilities than other tools. This can have multiple explanations: * The vulnerability is auto-ignored by the Aikido rule engine. Aikido tries to avoid false postivies. In this case you will find the vulnerability under the ['Ignored' view](https://app.aikido.dev/issues/ignored) in the sidebar. You'll also find an explanation of why Aikido thinks this vulnerability does not impact you. * The vulnerability could be marked as a developer-only dependency. **By default**, Aikido will not report vulnerabilities for dependencies that are only installed on the developer machine. The assumption here is that they will not ship to production and won't impact the security of your live product. Examples of such dependencies are: * Dev dependencies in npm's package.json * dependencies marked with scope=test in Java's pom.xml {% hint style="success" %} It is possible to have Aikido scan for dev dependencies. [More information can be found here](/code-scanning/scanning-practices/scanning-dev-dependencies-for-cves.md). {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.aikido.dev/code-scanning/miscellaneous/why-does-aikido-not-find-a-specific-vulnerability-or-cve-inside-a-dependency.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.