...

Many things are shown on the WhiteSource dashboard. To understand them, read the following text, which focuses on licences and on interpreting the provided data for GEANT.

...

  • Libraries alert types:
    • New Versions - The total count of outdated libraries (counts the libraries that have newer versions)
    • Multiple Versions - Multiple versions of the same library are in use
    • Multiple Licences - An alert is triggered for any library that has more than one licence.
  • Security alerts:
    • Per-Library Alerts - The total number of libraries with vulnerability alerts (for example, the alert count for a Product with two Projects where each features an alert for the same library will be "one" and will be displayed in one row noting two project occurrences.)
    • Per-Vulnerability Alerts - The total number of vulnerability alerts
  • The Libraries table shows detailed information about the product's (project's) libraries (components). The following attributes are listed:
    • Library - Clicking the library name redirects you to the specific library page.
    • Licences - The licences that are associated with the library.
    • Occurrences - The number of occurrences of the library per project.
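To make the alert definitions above concrete, here is an added example (not part of the original page or of WhiteSource) that computes the Libraries and Security alert counts from a constructed inventory of one product with two projects. The record layout, library names and CVE-EXAMPLE identifiers are assumptions; the per-vulnerability rule that the same vulnerability on the same library in two projects counts once is also an assumption.

```python
from collections import defaultdict

# Constructed sample inventory for one product with two projects (not real scan data).
# Record layout: (project, library, version, latest_version, licences, vulnerability_ids)
INVENTORY = [
    ("web-frontend", "alpha-utils",  "1.2.0", "1.4.0", ["MIT"],            ["CVE-EXAMPLE-1"]),
    ("api-backend",  "alpha-utils",  "1.2.0", "1.4.0", ["MIT"],            ["CVE-EXAMPLE-1"]),
    ("api-backend",  "beta-json",    "2.9.8", "2.9.8", ["Apache-2.0"],     []),
    ("web-frontend", "beta-json",    "2.8.0", "2.9.8", ["Apache-2.0"],     []),
    ("api-backend",  "gamma-driver", "8.0.1", "8.0.1", ["LIC-A", "LIC-B"], ["CVE-EXAMPLE-2", "CVE-EXAMPLE-3"]),
]

def library_alerts(inventory):
    """Count the three 'Libraries' alert types as the dashboard defines them."""
    versions_seen = defaultdict(set)
    outdated, multi_licence = set(), set()
    for _project, lib, version, latest, licences, _vulns in inventory:
        versions_seen[lib].add(version)
        if version != latest:
            outdated.add(lib)            # New Versions: the library has a newer release
        if len(licences) > 1:
            multi_licence.add(lib)       # Multiple Licences: more than one licence on the library
    return {
        "new_versions": len(outdated),
        "multiple_versions": sum(1 for v in versions_seen.values() if len(v) > 1),
        "multiple_licences": len(multi_licence),
    }

def security_alerts(inventory):
    """Per-Library rows (one per vulnerable library, noting project occurrences)
    versus the Per-Vulnerability total. Assumption: the same vulnerability on the
    same library in two projects is one vulnerability alert, not two."""
    projects_per_lib = defaultdict(set)
    vulns_per_lib = defaultdict(set)
    for project, lib, _version, _latest, _licences, vulns in inventory:
        if vulns:
            projects_per_lib[lib].add(project)
            vulns_per_lib[lib].update(vulns)
    return {
        "per_library": len(projects_per_lib),
        "occurrences": {lib: len(p) for lib, p in projects_per_lib.items()},
        "per_vulnerability": sum(len(v) for v in vulns_per_lib.values()),
    }
```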

The Library table in the header has a link to the Inventory Report. This report is a tabular view of detailed information about open source libraries. The Inventory Report provides the following columns of information per library:

  • Library Name - The standard name of the library
  • Type - Indicates whether the library is a source library
  • Description - Short functional description of the library
  • Licences - Licences associated with the library
  • Match Type - Can be one of the following:
    • Exact match - The library was matched by SHA-1 checksum
    • Best match - Source file was matched by SHA-1 checksum; the library was assigned to a source library by best match
    • Filename match - The library could not be matched by SHA-1 checksum but matched the filename
    • Suspected match - A library match is expected and will be updated with the exact match
  • Occurrences - Number of all instances in which the library is used in any project in the organization (you can click the details link to see the name of the project(s) and their associated product names)

...

The Project dashboard within this section has a link View In Due Diligence Report. This report is a tabular view of detailed information about all detected licences. The Due Diligence Report provides the following columns of information:

  • License - The name of the licence for the library
  • License Type - The type of licence (Open Source, Closed Source, Unknown)
  • Risk - The licence copyright risk score (for details, see Risk Score Attribution)
  • Library - The name of the open-source library (click the library name to be forwarded to its Library Details page)
  • License Reference - Includes an indication as to where the licence was found
  • Copyright - The range of years for the library's copyright
  • Homepage - Link to the homepage of the library
  • Author - The name of the author of the library
  • Project - The project where the library is used
  • Product - The product where the library is used

...

Interpreting the License Compatibility Report

The License Compatibility Report provides information on the compatibility of libraries with different software licences distributed together in the same product or project.

...

Understanding the Report Data

The License Compatibility Report provides the following columns of information in a table:

  • Library - The name of the open source library that has a licence conflict
  • Licence - The library's licence
  • Incompatible with Licence - The licence with which the library's licence is incompatible
  • Incompatibility Type - Displays the type of licence for which there is an actual, suspected or potential incompatibility:
    • Incompatible - The library's licence is fundamentally incompatible and cannot be used under any circumstance
    • Suspected - A suspected incompatibility is displayed when the licence compatibility is dependent on the library's hierarchy within the Product or Project, and the library's hierarchy is unknown
    • Potential - The library being evaluated is licensed under multiple licences, meaning that you can choose under which licence the library will be licensed
  • Incompatibility Occurrences - Displays the number of libraries that include the suspected or actual incompatible licence. When the scope is a product, it also displays the number of projects that are impacted by the incompatibility
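The three Incompatibility Type outcomes above, worked through as an added example (not the page's or WhiteSource's own logic): a toy classifier and report builder over a constructed product. The COMPATIBILITY table, the LIC-* licence names, the library names and the "linked"/"standalone" hierarchy positions are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed, simplified compatibility table (assumed data, not WhiteSource's matrix).
# Key: (library licence, licence it is distributed together with).
# "hierarchy" = compatibility depends on where the library sits in the dependency tree.
COMPATIBILITY = {
    ("LIC-A", "LIC-B"): "incompatible",
    ("LIC-C", "LIC-B"): "hierarchy",
    ("LIC-D", "LIC-B"): "compatible",
}

def incompatibility_type(library_licences, other_licence, position=None):
    """Return the report's Incompatibility Type for one library, or None when no row is needed.
    position: the library's place in the product hierarchy; None means unknown.
    The values 'linked' / 'standalone' are an assumed simplification of the real hierarchy."""
    relations = {COMPATIBILITY.get((lic, other_licence), "compatible") for lic in library_licences}
    if relations == {"compatible"}:
        return None                           # every option is compatible: no conflict
    if len(library_licences) > 1:
        # Multi-licensed: Potential when a compatible licence can be chosen, else a real conflict
        return "Potential" if "compatible" in relations else "Incompatible"
    (relation,) = relations
    if relation == "incompatible":
        return "Incompatible"                 # fundamentally incompatible
    if position is None:
        return "Suspected"                    # hierarchy-dependent and hierarchy unknown
    return "Incompatible" if position == "linked" else None

# Constructed product with two projects: (project, library, licences, position)
LIBRARIES = [
    ("web", "alpha",   ["LIC-A"],          "linked"),
    ("api", "alpha",   ["LIC-A"],          None),
    ("web", "beta",    ["LIC-C"],          None),
    ("api", "gamma",   ["LIC-C"],          "linked"),
    ("api", "delta",   ["LIC-A", "LIC-D"], None),
    ("web", "epsilon", ["LIC-D"],          None),
]

def compatibility_report(product_licence, libraries):
    """Build the report rows plus Incompatibility Occurrences (projects impacted per library)."""
    rows, impacted = [], defaultdict(set)
    for project, lib, licences, position in libraries:
        kind = incompatibility_type(licences, product_licence, position)
        if kind:
            rows.append((lib, " OR ".join(licences), product_licence, kind))
            impacted[lib].add(project)
    return rows, {lib: len(projects) for lib, projects in impacted.items()}
```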

Customising visibility

The GEANT WhiteSource admins can always see all scanned GEANT products.

...