Lookup Component Window
The Lookup Component window is displayed when you click Lookup Component within the context a inventory item, with the purpose of letting you search for a new component-version-license instance to associate with the inventory item. The search is performed against the Code Insight data library to locate components that meet your criteria. The search results in a list of components, each component displayed with a set of details and a list of its available version-license instances.
Once you locate the desired component, you can select the appropriate version-license combination to associate with your inventory item. Alternatively, you can create your own instance. (Any custom version-license instances created for a component are made available at the system level for association with inventory in other projects.) If no component meets your criteria for the inventory item, the Lookup Component window provides access to a feature that lets you create a custom component.
|
Category |
|
Column/Field |
Description |
|||||||||
|
Search controls |
Use one of these fields to enter the criterion by which to search for a component or by which to create a custom component. |
|||||||||||
|
Search by |
Select the method by which to search component or to create a new component. |
|||||||||||
|
Keyword |
Select this option to search by a string in the component name or title. In the Keywords field, enter the string. If you are creating a new component, the string is used to pre-populate certain fields in the New Custom Component window. See the Create New Component description. |
|||||||||||
|
URL |
Select this option to search by the URL of the third-party forge containing the component. In the URL field, enter the URL. If you are creating a new component, the URL is used to pre-populate certain fields in the New Custom Component window. See the Create New Component description. |
|||||||||||
|
Forge |
Select this option, and then select the forge (and project repository) by which to search components. If you are creating a new component, the selected forge is used to pre-populate certain fields in the New Custom Component window. See the Create New Component description. |
|||||||||||
|
Search |
Click this button obtain the search results. |
|||||||||||
|
Create New Component |
Click this button to open the New Custom Component window. Certain fields in this window are pre-populated with values based on the criterion you entered on the Lookup Component window. For information on creating a custom component, see Creating and Editing Custom Components. |
|||||||||||
|
Search results |
The results of the search is a list of components, each component with a set of details (see Component details) and a list of available version-license instances to which you can associate with the current inventory item (see Version-license instances). The following describes the information shown for each component listed. |
|||||||||||
|
Component details |
The details for a given component can include the component’s product logo, vendor content describing the component, and a link to the actual OSS or third-party product. It also includes the following component details from the Code Insight data library. |
|||||||||||
|
Component |
The name of the OSS or third-party component and its internal ID, as identified in the Code Insight data library. |
|||||||||||
|
Possible Licenses |
License candidates that can be associated with this component. |
|||||||||||
|
Custom Component |
The Yes or No value, indicating whether the component is custom (created by a user) or provided as part of the Code Insight data library. |
|||||||||||
|
CPE |
The list of CPE names—from the National Vulnerability Database—that are mapped to the component. CPE (Common Platform Enumeration) is a structured naming scheme that includes the component’s vendor and product names in the following format: cpe://<part>:<vendor>:<product> where <part> is either a (applications), h (hardware platforms), or o (operating systems). Note:The data provided represents only the part, vendor, and product; the version information is truncated from the CPE string. |
|||||||||||
|
|
Version-license instances |
The information for each component includes a list of its available version-license instances. (To toggle between showing or hiding the list, click Show Versions/Instances or Hide Instances.) From this list, you can do any of the following:
A bar graph is included with each instance to show its current security-vulnerability counts by severity level (if any). See Security Vulnerabilities Associated with Inventory for details. |
||||||||||
|
Use This Instance |
Click this button to associate the version-license instance with the inventory item you are currently creating or editing. You are directed back to the inventory item, now showing the new component-version-license association. |
|||||||||||
|
Register New Instance |
Click this button to add a new version-license instance to the component. From the Version dropdown, select an existing version associated with this component (as stored in the Code Insight data library), or create your own version. From the License dropdown, select an existing license associated with this component, or choose Select Your Own License to select or create a different license. New instances are made available at the global level for use by inventory in other projects. |
|||||||||||
|
Edit Custom Component |
(Available if the component is custom) Click this button to open the Edit Custom Component window to update the component properties. For information on editing a custom component, see Creating and Editing Custom Components. |
|||||||||||