Global Component & License Lookup
Previously, users could search components and look up license details as found in the Code Insight data library only when they created and edited inventory within a project. This release introduces the Global Component & License Lookup feature, which enables users to explore components and licenses in the data library outside the context of project inventory.
This type of exploration might be useful, for example, when a current inventory component is associated with security vulnerabilities. Users can perform a global search on the data library to look for components and their versions associated with less severe vulnerabilities (or no vulnerabilities). The results of such a search can help the user to decide whether to replace the current inventory component with another more secure one.
To access this feature, go the Code Insight main menu (
) and navigate to the DATA LIBRARY > Global Component & License Lookup tab.
The following sections provide an overview of Global Component & License feature:
| • | Exploring Components |
| • | Exploring Licenses |
From the Global Component & License Lookup > Components tab, you can search components by component name, forge URL, or forge and repository name. The list of search results provides several way to explore individual components.
For example, you can look up details about a component, view information about a component’s licenses, and access the third-party web page of a component’s project or repository within its forge. You can also open a separate Versions for <component> window that lets you research the security vulnerabilities associated with each version of a given component.
On the Versions for <component> window, an interactive bar graph for a given version provides vulnerability totals by severity. When the graph is clicked, another window is opened, providing details about each vulnerability associated with the component version and giving you the option to suppress any of these vulnerabilities for the version if necessary.
The Global Component & License Lookup > Licenses tab enables users to search the Code Insight data library for a specific OSS or third-party license by name. The Licenses tab is populated with attributes describing the selected license.
