Open Source Components
The Open Source Components page provides a comprehensive view of all your projects' dependencies.
You can reach the Open Source Components page either by selecting Components in the Navigation Bar or selecting the Components tab of any page of the Components section.
This page is an Inventory view of your dependencies; see Inventory - Components for a full description.
Component's Alert Type
An important filter field is Alert Type. This filter allows you to see dependencies with License warnings, dependencies tagged as containing Malware code, or Obsolete dependencies.
Licensing Risks
Filtering by Licensing allows you to see dependencies that have some kind of License warning.
A Licensing Compliance Alert generally relates to the use of Copyleft licenses.
Dependencies with Malware
Filtering by Malware allows you to see dependencies that contain some kind of malware.
Malware alerts may come from two possible sources:
1.- For "known" malware, Xygeni takes the information from public sources (NIST's NVD, GitHub Advisory Database and OSV, among others).
2.- For "unknown" malware, Xygeni provides a Malware Early Warning functionality that continuously conducts a real-time scan to detect and block malware based on code behavior analysis. See Malware Early Warning for further details.
Known malware information comes from public CVEs (NVD and OSV mainly). The details of the issue are therefore those given in the public CVE. See Public Vulnerabilities (CVEs) for further details.
For malware detected by Xygeni, the details are richer. See Malware details (MEW) for further details.