...

  • Libraries alert types:
    • New Versions - The total count of outdated libraries (counts the libraries that have newer versions)
    • Multiple Versions - Multiple versions of the same library are in use
    • Multiple Licenses - An alert is triggered for any library that has more than one license. 
  • Security alerts:
    • Per-Library Alerts - The total number of libraries with vulnerability alerts. For example, for a Product with two Projects that each have an alert for the same library, the alert count is "one", displayed in one row noting two project occurrences.
    • Per-Vulnerability Alerts - The total number of vulnerability alerts 
  • The Libraries table shows detailed information about the product's (project's) libraries (components). The following attributes are listed:
    • Library: Clicking the library name redirects you to the specific library page.
    • Licenses: The licenses that are associated with the library.
    • Occurrences: The number of occurrences of the library per project.

The Library table in the header has a link to the Inventory Report.  This report is a tabular view of detailed information about open source libraries. The Inventory Report provides the following columns of information per library:

  • Library Name - the standard name of the library

  • Type -  indicates whether the library is a source library

  • Description - short functional description of the library

  • Licences - licences associated with the library

  • Match Type - can be one of the following:

    • Exact match - the library was matched by SHA-1 checksum

    • Best match - source file was matched by SHA-1 checksum; library assigned to a source library by best match

    • Filename match - library could not be matched by SHA-1 checksum but matched the filename

    • Suspected match - library match is expected and will be updated with the exact match

  • Occurrences - number of all instances in which the library is used in any project in the organization (you can click the details link to see the name of the project(s) and their associated product names)


Detailed information about the licences (Licence Distribution Analysis)

This section provides an overview of the license distribution of the organization (or product, project), showing which licences are used and how many libraries are associated with each license.  The distribution of licences is shown in the pie chart. The following information is displayed for each licence:

  • Name - Name of the licence
  • Occurrences - Number of occurrences by libraries
  • Copyright - Copyright Risk Score which is a measurement of the copyright risk 

The Project dashboard within this section has a link View In Due Diligence Report. This report is a tabular view of detailed information about all detected licences. The Due Diligence Report provides the following columns of information:

  • License - the name of the licence for the library

  • License Type - the type of licence (Open Source, Closed Source, Unknown)

  • Risk - the licence copyright risk score (for details, see Risk Score Attribution)

  • Library - the name of the open-source library (click the library name to be forwarded to its Library Details page)

  • License Reference - includes an indication as to where the licence was found

  • Copyright - the range of years for the library's copyright

  • Homepage - link to the homepage of the library

  • Author - name of the author of the library

  • Project - the project where the library is used

  • Product - the product where the library is used

  • Custom Attribute -  displayed only if a custom attribute was selected in Select Custom Attribute in the scope area

  • Level - the level of the licence, root or nested

Finding your product and projects

...

The Project page displays detailed information about a specific project within a previously selected product. It can be accessed from the Projects menu item in the main menu.

Significant tables and charts and how to find, customise and interpret them...

Libraries and dependencies

Licenses

Interpreting WS information about licences




The difference between interpreting the presence of a problematic library when assessing the situation, exploring license compatibility and compliance options, and checking compliance with the established product's licence

...