OSS Risk
The OSS Risk page analyzes the risk posture of the open-source components found in the codebase and deployment artifacts. It displays the risk status of each open-source component identified in the discovered artifacts, together with detailed insights and assessments of the findings, for better visibility and management.
Navigate to Global Risk Management > OSS Risk. The OSS Risk status page is displayed as shown below:
The top panel displays the following details:
Open Source Libraries - Displays the total number of open source libraries identified in the artifacts.
Risk Distribution - Displays the risk status count of all the identified libraries.
License Distribution - Displays the license distribution count of all the identified libraries.
The grid below displays the following details of the OSS libraries:
Risk Status - Displays the risk status of the OSS library: Apocalypse, Critical, High, Medium, Low or Unknown.
Stars - Displays the number of users who have bookmarked the library.
Forks - Displays the number of times the library has been copied or cloned by the users.
Number of CVEs - Displays the number of CVEs (Common Vulnerabilities and Exposures) for the library.
Mean Time to Repair - Displays the average time taken for the issues reported to be fixed.
License Type - Displays the license type for the given library: Forbidden, Restricted, Reciprocal, Notice, Permissive, Unencumbered or Unknown. Examples of licenses include MIT, Apache, BSD, GNU GPL, LGPL and MPL.