Component Details Window

The following window is displayed when you click next to an OSS or third-party component listed in the following locations:

The Component Name column on the Component tab on the Global Component & Lookup page.
The Component field on the Inventory Details tab in the Analysis Workbench.

The window shows publicly available information about the component, including the following properties.

Component Details Window

Column/Field

Description

Component

The name of the OSS or third-party component and its internal ID, as identified in the Code Insight Data Library.

If you are on the Inventory Details tab in the Analysis Workbench, you can associate the current inventory item with a different component (see Editing Inventory from the Analysis Workbench).

Version

The component version and its internal ID, as identified in the Code Insight Data Library.

If you are on the Inventory Details tab in the Analysis Workbench, you can associate the inventory item with a different version of the component (see Editing Inventory from the Analysis Workbench).

Forge

The external repository associated with the component. You can click the forge link to open the forge website.

Possible Licenses

License candidates associated with this component. Click the icon next to a given license to view information about the license on the License Details Window.

Custom Component

The Yes or No value indicating whether the component is custom (created by a user) or provided as part of the Code Insight Data Library

Vulnerabilities

A bar graph showing the count of known vulnerabilities by severity color for the component. Click the graph to view the list of vulnerabilities and their details. For details about the graph and vulnerabilities in general, see Security Vulnerabilities Associated with Inventory.

If no vulnerabilities have been found for the inventory item, the value No is displayed in place of the graph.

Encryption

The Yes, No, or N/A value indicating whether the component provides the encryption capabilities used in your product or whether these capabilities are not applicable. Encryption can affect export controls.

CPE

The list of CPE names—from the National Vulnerability Database—that are mapped to the component. CPE (Common Platform Enumeration) is a structured naming scheme that includes the component’s vendor and product names in the following format:

cpe://<part>:<vendor>:<product

where <part> is either a (applications), h (hardware platforms), or o (operating systems).

Note:The data provided represents only the part, vendor, and product; the version information is truncated from the CPE string.