Components

The Components Inventory page displays information about all the components (3rd party dependencies) your project or group depends upon.

You can reach the Inventory's Components page by selecting the Components tab at the top of any Inventory page.

The Components Inventory page displays the following information:

  • Total number of components and average per project

  • Total number of Direct dependencies (i.e. those explicitly declared in your package manager's manifest files)

  • Number of components with security risk associated

  • Charts about the distribution of components by repository, ecosystem and language

  • A table with listing all the present components

An important filter is Dependency Type (direct or indirect). This filter allows you to see those dependencies explicitly declared and those that are transitive.

Another important filter is Alert Type. This filter allows you to find dependencies with License warnings, dependencies tagged as with Malicious code, or Obsolete dependencies. See Component's Alert Type for a full description.

Clicking on the icon of any component will open a Summary slide with details of the component:

  • Ecosystem (npm, maven, etc)

  • Provenance (the parent component in case of a transitive dependency)

  • Data about the publisher of the component

  • Malware Score

  • Latest available version and publication date

  • License detected and type

The Issues tab shows information about vulnerabilities of the component.

Last updated