Lookup Component Window

The Lookup Component window is displayed when you click Lookup Component within the context of an inventory item, with the purpose of letting you search for a new component-version-license instance to associate with the inventory item. The search is performed against the Code Insight Data Library to locate components that meet your criteria. The search results in a list of components, each component displayed with a set of details and a list of its available version-license instances.

Once you locate the desired component, you can select the appropriate version-license combination to associate with your inventory item. Alternatively, you can create your own instance. (Any custom version-license instances created for a component are made available at the system level for association with inventory in other projects.) If no component meets your criteria for the inventory item, the Lookup Component window provides access to a feature that lets you create a custom component.

Category

Column/Field

Description

Search controls

Use one of these fields to enter the criterion by which to search for a component to associate with an inventory item or to serve as a basis for creating a custom component.

Search by

Select the method by which to search components or to create a new component.

Keyword

Select this option to search by component name. In the Keyword field, enter a single string within the component name.

Note: The search is case-insensitive and thus filters to all component names containing the Keyword criterion, no matter the upper or lower case used in the criterion or in the actual component name.

If you are creating a new component, the string is used to pre-populate certain fields in the New Custom Component window. See the Create New Component description.

URL

Select this option to search by the URL of the third-party forge where the component is found. For the URL value, enter the complete forge path, such as https://github.com/jquery/jquery, or a string in the path, such as jquery.

Note: The search is case-insensitive, so the results will include all components with a matching forge path or path string (whichever criterion you entered in the URL field), no matter the upper or lower case used in the criterion or in the actual component path.

If you are creating a new component, the URL is used to pre-populate certain fields in the New Custom Component window. See the Create New Component description.

Forge

Select this option, and then select the forge (and project repository) by which to search components.

If you are creating a new component, the selected forge is used to pre-populate certain fields in the New Custom Component window. See the Create New Component description.

Search

Click this button to obtain the search results.

Create New Component

Click this button to open the New Custom Component window. Certain fields in this window are pre-populated with values based on the criterion you entered on the Lookup Component window. For information on creating a custom component, see Creating and Editing Custom Components.

Search results

The result of the search is a list of components, each with a set of details (see Component details) and a list of available version-license instances that you can associate with the current inventory item (see Version-license instances). The following describes the information shown for each component listed.

Component details

The details for a given component can include the component’s product logo, vendor content describing the component, and a link to the actual OSS or third-party product. It also includes the following component details from the Code Insight Data Library.

Component

The name of the OSS or third-party component and its internal ID, as identified in the Code Insight Data Library.

Possible Licenses

License candidates that can be associated with this component.

Custom Component

The Yes or No value, indicating whether the component is custom (created by a user) or provided as part of the Code Insight Data Library.

CPE

The list of CPE names—from the National Vulnerability Database—that are mapped to the component. CPE (Common Platform Enumeration) is a structured naming scheme that includes the component’s vendor and product names in the following format:

cpe://<part>:<vendor>:<product>

where <part> is either a (applications), h (hardware platforms), or o (operating systems).

Note: The data provided represents only the part, vendor, and product; the version information is truncated from the CPE string.
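
Because the CPE name shown for a component keeps only the part, vendor, and product, it covers every version of that product in vulnerability data, so the version must come from the version-license instance. The following is an added example, not Code Insight code: it parses the truncated name and selects the full CPE names it covers. The sample names and function names are constructed, and accepting both the cpe:// prefix shown above and the cpe:/ prefix of the CPE 2.2 URI binding is an assumption.

```python
import re

PARTS = {"a": "application", "h": "hardware platform", "o": "operating system"}

# Truncated name as described on this page: prefix, part, vendor, product.
# Assumption: accept "cpe://" (as shown above) and "cpe:/" (CPE 2.2 URI binding).
_TRUNCATED = re.compile(r"^cpe:/{1,2}([aho]):([^:]+):([^:]+)$", re.IGNORECASE)

# Constructed sample of full CPE names in 2.3 and 2.2 notation (not real scan data).
SAMPLE_FULL_NAMES = [
    "cpe:2.3:a:jquery:jquery:1.12.4:*:*:*:*:*:*:*",
    "cpe:/a:jquery:jquery:3.5.0",
    "cpe:2.3:a:jquery:jquery_ui:1.12.1:*:*:*:*:*:*:*",
    "cpe:2.3:o:linux:linux_kernel:5.10:*:*:*:*:*:*:*",
]


def parse_truncated(name):
    """Return (part, vendor, product), lowercased, from a version-less CPE name."""
    m = _TRUNCATED.match(name.strip())
    if not m:
        raise ValueError(f"not a part:vendor:product CPE name: {name!r}")
    return tuple(g.lower() for g in m.groups())


def key_of_full(name):
    """Reduce a full CPE 2.2 URI or 2.3 formatted string to (part, vendor, product)."""
    s = name.strip().lower()
    if s.startswith("cpe:2.3:"):
        # CPE 2.3 escapes a literal colon as "\:", so split on unescaped colons only.
        fields = re.split(r"(?<!\\):", s[len("cpe:2.3:"):])
    elif s.startswith("cpe:/"):
        fields = s[len("cpe:/"):].lstrip("/").split(":")
    else:
        raise ValueError(f"unrecognised CPE name: {name!r}")
    if len(fields) < 3 or fields[0] not in PARTS:
        raise ValueError(f"missing part, vendor or product: {name!r}")
    return tuple(fields[:3])


def covered_by(truncated, full_names):
    """Full CPE names sharing part, vendor and product; all versions match."""
    key = parse_truncated(truncated)
    return [n for n in full_names if key_of_full(n) == key]


if __name__ == "__main__":
    for full in covered_by("cpe://a:jquery:jquery", SAMPLE_FULL_NAMES):
        print(full)
```
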

Version-license instances

The information for each component includes a list of its available version-license instances. (To toggle between showing or hiding the list, click Show Versions/Instances or Hide Instances.)

From this list, you can do any of the following:

Select a given version-license instance to associate with the current inventory item.
Select a new license for a given instance.
Register a new version-license instance for the component.
Designate that the license newly selected for an existing instance (or for one being registered) be mapped to all future inventory created by the system for the component version. This type of license is known as a “user-preferred license”. Instances mapped to a user-preferred license are displayed with the icon. (See Specifying a User-Preferred License Mapping for more information.)
If the component is custom, edit the component as needed.

A bar graph is included with each instance to show its current security-vulnerability counts by severity level (if any). See Security Vulnerabilities Associated with Inventory for details.

Use This Instance

Click this button to associate the version-license instance with the inventory item you are currently creating or editing. You are directed back to the inventory item, now showing the new component-version-license association. You can also select a different license for the instance from the Selected License dropdown. See the Register New Instance description below for further details.

Register New Instance

Click this button to add a new version-license instance to the component.

From the Version dropdown list, select an existing version associated with this component (as stored in the Code Insight Data Library), or create your own version.

From the Selected License dropdown list, select a license to associate with this component. See Specifying a User-Preferred License Mapping for information about what happens depending on the type of license you select.

Note: You cannot create a custom license from the Lookup Component window to associate with a component version. However, you can create a custom license for the inventory item after you have selected an instance or when you are editing the item. Alternatively, you can create custom licenses from the Policy Details window or from the Licenses tab on the Global Component & License Lookup page. For more information, see Creating a Custom License.

New instances are made available at the global level for use by inventory in other projects.

Edit Custom Component

(Available if the component is custom) Click this button to open the Edit Custom Component window to update the component properties. For information on editing a custom component, see Creating and Editing Custom Components.