Open Source Components
Last updated
The Open Source Components page provides a comprehensive view of all of your projects' dependencies:
You can reach the Open Source Components page either by selecting Components in the Navigation Bar or by selecting the Components tab on any page of the Components section.
This page is an Inventory view of your dependencies, so see Inventory - Components for a full description of its columns and filters.
An important filter field is Alert Type. It lets you restrict the list to dependencies with License warnings, dependencies flagged as containing malware, or Obsolete dependencies.
Filtering by Licensing shows the dependencies that have some kind of License warning.
A Licensing Compliance Alert is essentially about the use of Copyleft licenses, which impose obligations (such as releasing derived source) on the code that links to or derives from the dependency.
Filtering by Malware shows the dependencies that contain some kind of malware.
Malware alerts may come from two sources:
1.- For "known" malware, Xygeni takes the information from public sources (NIST's NVD, the GitHub Advisory Database and OSV, among others).
2.- For "unknown" malware, Xygeni provides the Malware Early Warning functionality, which continuously scans in real time to detect and block malware based on code behavior analysis. See Malware Early Warning for further details.
Known malware information comes from public vulnerability records (CVEs, mainly from NVD and OSV), so the details of the issue are those of the public record. See Public Vulnerabilities (CVEs) for further details.
For malware detected by Xygeni itself, the details are richer. See Malware details (MEW) for further details.
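To make the two Alert Types above concrete, the script below reproduces the License and known-Malware filters over a small, locally constructed inventory. It is an added example, not Xygeni's code and not how Xygeni implements the filters: the copyleft prefix list is an example policy, the `MAL-` id prefix is the convention OSV uses for its malicious-package advisories, and `fake_osv_lookup` with the `FAKE_OSV` table stands in for POSTing the query body to the real `https://api.osv.dev/v1/query` endpoint. Package `evil-colors`, all versions and all advisory ids are made up.

```python
"""Added example (not Xygeni's code): reproduce the License and Malware
Alert Type filters over a constructed dependency inventory.

Assumptions: COPYLEFT_PREFIXES is an example policy; OSV records malicious
packages under MAL- ids; FAKE_OSV replaces the network call to OSV.
"""
from typing import Callable, Dict, List, Tuple

# Constructed inventory; "evil-colors" and every version here are made up.
INVENTORY: List[Dict[str, str]] = [
    {"name": "left-pad", "ecosystem": "npm", "version": "1.3.0", "license": "WTFPL"},
    {"name": "readline-sync", "ecosystem": "npm", "version": "1.4.10", "license": "GPL-3.0-only"},
    {"name": "evil-colors", "ecosystem": "npm", "version": "0.0.1", "license": "MIT"},
    {"name": "lodash", "ecosystem": "npm", "version": "4.17.21", "license": "MIT"},
]

# Example copyleft policy as SPDX identifier prefixes (strong and weak copyleft).
# This is an illustrative list, not Xygeni's rule set.
COPYLEFT_PREFIXES: Tuple[str, ...] = ("GPL-", "LGPL-", "AGPL-", "MPL-", "EPL-", "CDDL-")

# Constructed stand-in for OSV responses, keyed by (name, version).
# The advisory ids are placeholders, not real OSV records.
FAKE_OSV: Dict[Tuple[str, str], dict] = {
    ("evil-colors", "0.0.1"): {
        "vulns": [{"id": "MAL-0000-0001", "summary": "placeholder: malicious code in evil-colors"}]
    },
    ("lodash", "4.17.21"): {
        "vulns": [{"id": "GHSA-0000-0000-0000", "summary": "placeholder: ordinary, non-malware advisory"}]
    },
}


def osv_query_body(name: str, ecosystem: str, version: str) -> dict:
    """Request body in the shape the real OSV /v1/query endpoint accepts."""
    return {"package": {"name": name, "ecosystem": ecosystem}, "version": version}


def fake_osv_lookup(body: dict) -> dict:
    """Offline replacement for POSTing `body` to OSV; unknown packages get no advisories."""
    key = (body["package"]["name"], body["version"])
    return FAKE_OSV.get(key, {"vulns": []})


def is_copyleft(license_id: str) -> bool:
    """License warning criterion: the SPDX id belongs to a copyleft family."""
    return license_id.upper().startswith(COPYLEFT_PREFIXES)


def is_known_malware(advisory_id: str) -> bool:
    """Known malware: OSV publishes malicious-package advisories under MAL- ids."""
    return advisory_id.upper().startswith("MAL-")


def alert_types(component: Dict[str, str], osv_lookup: Callable[[dict], dict]) -> List[str]:
    """Alert Types that apply to one component: any of 'License', 'Malware'."""
    alerts: List[str] = []
    if is_copyleft(component["license"]):
        alerts.append("License")
    body = osv_query_body(component["name"], component["ecosystem"], component["version"])
    response = osv_lookup(body)
    if any(is_known_malware(v.get("id", "")) for v in response.get("vulns", [])):
        alerts.append("Malware")
    return alerts


def filter_by_alert_type(
    inventory: List[Dict[str, str]],
    alert_type: str,
    osv_lookup: Callable[[dict], dict] = fake_osv_lookup,
) -> List[str]:
    """Names of the components the given Alert Type filter would show."""
    return [c["name"] for c in inventory if alert_type in alert_types(c, osv_lookup)]


if __name__ == "__main__":
    for kind in ("License", "Malware"):
        print(kind, "->", filter_by_alert_type(INVENTORY, kind))
```

Note that only the "known" malware path can be reproduced this way: a package that carries no public advisory yet (the "unknown" case above) would pass this check, which is exactly the gap the behavior-based Malware Early Warning is meant to cover.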
Components with License alerts are marked with a License alert icon.
Clicking the icon of a component with a License alert opens a Summary slide with the component's details:
Components with Malware alerts are marked with a Malware alert icon.
Clicking the icon of a component with a Malware alert opens a Summary slide with the component's details: