OSS Risk
The OSS Risk page analyzes the risk posture of the open-source components found in the codebase and deployment artifacts. As part of Global Risk Management, it displays the risk status of each open-source component discovered in the artifacts, together with detailed insights and assessments of the findings, so that they can be reviewed and managed in one place.
To View OSS Risk
Navigate to Global Risk Management > OSS Risk. The OSS Risk status page is displayed as shown below:

The top panel displays the following details:
Risk Distribution - Displays the risk status count of all the identified libraries.
License Distribution - Displays the license distribution count of all the identified libraries.
The grid below displays the following details of the OSS libraries:

OSS Library - Displays the name of the open source library.
Risk Status - Displays the risk status of the OSS library, namely Apocalypse, Critical, High, Medium, Low, or Unknown.
Stars - Displays the number of users who have starred (bookmarked) the library's repository.
Forks - Displays the number of times the library's repository has been forked (copied) by users.
Number of CVEs - Displays the number of CVEs (Common Vulnerabilities and Exposures) for the library.
Mean Time to Repair - Displays the average time taken for the issues reported to be fixed.
License Type - Displays the license classification for the given library, namely Forbidden, Restricted, Reciprocal, Notice, Permissive, Unencumbered, or Unknown. Examples of underlying licenses are MIT, Apache, BSD, GNU GPL, LGPL, and MPL.
Copyrights - Displays the copyright information for the given license.
Impacted Repository - Displays the link of the repository that is impacted by the risk.
Source - Displays the source name of the impacted repository.
Copyrights - Displays the copyright details associated with the license type.
Actions - Click the View License Rollup option to view the License Rollup for the selected OSS library.
On expanding an individual OSS library, the details of the OSS library package, such as the PURL (package URL), component version, and artifact tags, are displayed.
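The grid columns above are the same fields a reviewer works with after exporting the page. The following script is an added example and is not part of the product or its documentation: it reads an export in the shape described by the grid (the field names ossLibrary, riskStatus, licenseType, numberOfCves and purl are assumed here and must be mapped to the real column names of the downloaded .json), parses each PURL into its components, recomputes the Risk Distribution and License Distribution counts shown in the top panel, and lists the rows a reviewer would triage first (risk at or above a cutoff, or a license class the organisation does not allow). The sample rows are constructed.

```python
"""Summarise an OSS Risk grid export offline (added example, not product code).

Field names in the export are assumed for illustration; adjust them to match
the real .json download before use.
"""
import json
from collections import Counter
from urllib.parse import unquote

# Status and license classes as listed on the OSS Risk page, most severe first.
RISK_ORDER = ["Apocalypse", "Critical", "High", "Medium", "Low", "Unknown"]
LICENSE_CLASSES = ["Forbidden", "Restricted", "Reciprocal", "Notice",
                   "Permissive", "Unencumbered", "Unknown"]

# Constructed sample export in the assumed shape; library names are fictional.
SAMPLE_EXPORT = json.dumps([
    {"ossLibrary": "example-utils", "riskStatus": "High", "licenseType": "Notice",
     "numberOfCves": 4, "purl": "pkg:npm/%40example/utils@4.17.15"},
    {"ossLibrary": "example-logger", "riskStatus": "Apocalypse", "licenseType": "Notice",
     "numberOfCves": 7, "purl": "pkg:maven/org.example.logging/example-logger@2.14.1"},
    {"ossLibrary": "example-readline", "riskStatus": "Low", "licenseType": "Restricted",
     "numberOfCves": 0, "purl": "pkg:pypi/example-readline@1.0?type=sdist"},
    {"ossLibrary": "mystery-lib", "riskStatus": "Unknown", "licenseType": "Unknown",
     "numberOfCves": 0, "purl": "pkg:generic/mystery-lib@0.1#src/lib"},
    {"ossLibrary": "example-cli", "riskStatus": "Medium", "licenseType": "Unencumbered",
     "numberOfCves": 1, "purl": "pkg:golang/github.com/example/cli@v1.2.0"},
])


def parse_purl(purl: str) -> dict:
    """Split a package URL (pkg:type/namespace/name@version?qualifiers#subpath)
    into its parts in the order the purl specification defines them."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl!r}")
    rest = purl[len("pkg:"):].lstrip("/")
    rest, _, subpath = rest.partition("#")        # subpath comes last
    rest, _, qualifiers = rest.partition("?")     # then qualifiers
    if "@" in rest:                               # then version (before decoding,
        path, _, version = rest.rpartition("@")   # so an encoded %40 is untouched)
    else:
        path, version = rest, ""
    parts = [unquote(p) for p in path.split("/") if p]
    ptype, name = parts[0], parts[-1]
    namespace = "/".join(parts[1:-1]) if len(parts) > 2 else ""
    quals = dict(q.split("=", 1) for q in qualifiers.split("&") if "=" in q)
    return {"type": ptype, "namespace": namespace, "name": name,
            "version": unquote(version), "qualifiers": quals,
            "subpath": unquote(subpath)}


def load_rows(export_json: str) -> list:
    """Load the exported grid rows from the .json download."""
    return json.loads(export_json)


def risk_distribution(rows: list) -> dict:
    """Count of libraries per risk status, every status present (0 if none)."""
    counts = Counter(r.get("riskStatus", "Unknown") for r in rows)
    return {status: counts.get(status, 0) for status in RISK_ORDER}


def license_distribution(rows: list) -> dict:
    """Count of libraries per license class, every class present (0 if none)."""
    counts = Counter(r.get("licenseType", "Unknown") for r in rows)
    return {cls: counts.get(cls, 0) for cls in LICENSE_CLASSES}


def triage(rows: list, risk_cutoff: str = "High",
           blocked: tuple = ("Forbidden", "Restricted")) -> list:
    """Rows to review first: risk at or above the cutoff, or a blocked license
    class. Output keeps the export order and records why each row was flagged."""
    cutoff = RISK_ORDER.index(risk_cutoff)
    flagged = []
    for r in rows:
        status = r.get("riskStatus", "Unknown")
        rank = RISK_ORDER.index(status) if status in RISK_ORDER else len(RISK_ORDER)
        reasons = []
        if rank <= cutoff:
            reasons.append(f"risk={status}")
        if r.get("licenseType") in blocked:
            reasons.append(f"license={r['licenseType']}")
        if reasons:
            p = parse_purl(r["purl"])
            flagged.append({"library": r["ossLibrary"], "ecosystem": p["type"],
                            "version": p["version"], "cves": r.get("numberOfCves", 0),
                            "reasons": reasons})
    return flagged


if __name__ == "__main__":
    rows = load_rows(SAMPLE_EXPORT)
    print("Risk Distribution:   ", risk_distribution(rows))
    print("License Distribution:", license_distribution(rows))
    for item in triage(rows):
        print(f"{item['library']} {item['version']} ({item['ecosystem']}): "
              f"{', '.join(item['reasons'])}, CVEs={item['cves']}")
```

Run it against a real download by replacing SAMPLE_EXPORT with the file contents and adjusting the field names; the cutoff and blocked license classes are parameters of triage so a team can tighten them (for example, cutoff "Medium" or adding "Reciprocal") without touching the parsing.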

To Download the details
You can download the details shown on the page in .json or .csv format by clicking the Download button.
You can download the details as a PDF report by clicking the Report button.

To View the License Rollup
The License Rollup page displays the complete license details of the OSS packages belonging to each OSS library. It is accessed from the View License Rollup option.
Click the three dots in the Actions column > View License Rollup.
