OSS Risk

The OSS Risk page analyzes the risk posture of open-source components within the codebase and deployment artifacts. The Global Risk page displays the risk status of the various open-source components found in the discovered artifacts. Detailed insights and assessments of the findings are displayed on this page for better visibility and management.

To View OSS Risk

• Navigate to Global Risk Management > OSS Risk. The OSS Risk status page is displayed as shown below:

The top panel displays the following details:

• Risk Distribution - Displays the risk status count of all the identified libraries.

• License Distribution - Displays the license distribution count of all the identified libraries.

The grid below displays the following details of the OSS libraries:

• OSS Library - Displays the name of the open source library.

• Risk Status - Displays the risk status of the OSS library, namely; Apocalypse, Critical, High, Medium, Low and Unknown.

• Stars - Displays the number of users who have bookmarked the library.

• Forks - Displays the number of times the library has been copied or cloned by the users.

• Number of CVEs - Displays the number of CVEs (Common Vulnerabilities and Exposures) for the library.

• Mean Time to Repair - Displays the average time taken for the issues reported to be fixed.

• License Type - Displays the license type for the given library, namely; Forbidden, Restricted, Reciprocal, Notice, Permissive, Unencumbered and Unknown. E.g., MIT, Apache, BSD, GNU - GPL, LGPL. MPL etc.

• Impacted Repository - Displays the link of the repository that is impacted by the risk.

• Source - Displays the source name of the impacted repository.

• Copyrights - Displays the copyrights of details of the license type.

To Add License Type

The License type for a given OSS library can be edited and new license types can be added.

1. Click the 3 dots in the Actions column for the OSS library that you want to edit or add license type.

2. Select Edit License.

The Edit License page is displayed.

1. Click the + sign. A new row gets added.

1. Choose the license type from the Select License dropdown. The category for the license type cannot be changed.

2. Click Update. The new license type is added to the OSS library.

3. To delete a license type, click the Delete icon.