Open Source Software (OSS) Risk Management

Open Source Software (OSS) risk management analyzes the risk posture of the open-source components found in your codebase and deployment artifacts. The OSS Risk page displays the risk status of each open-source component discovered in those artifacts, together with the detailed findings and assessments behind it, so that the components can be reviewed and managed from one place.

To View OSS Risk

  • Navigate to the OSS Risk tab. The OSS Risk status page is displayed as shown below:

The top panel displays the following details:

  • Open Source Libraries - Displays the total number of open source libraries identified in the artifacts.

  • Risk Distribution - Displays the risk status count of all the identified libraries.

  • License Distribution - Displays the license distribution count of all the identified libraries.

The grid below displays the following details of the OSS libraries:

  • Risk Status - Displays the risk status assigned to the OSS library, namely: Apocalypse, Critical, High, Medium, Low and Unknown.

  • Stars - Displays the number of users who have starred (bookmarked) the library's source repository.

  • Forks - Displays the number of times the library's source repository has been forked (copied) by users.

  • Number of CVEs - Displays the number of CVEs (Common Vulnerabilities and Exposures) for the library.

  • Mean Time to Repair - Displays the average time taken for issues reported against the library to be fixed (closed).

  • License Type - Displays the license category assigned to the library, namely: Forbidden, Restricted, Reciprocal, Notice, Permissive, Unencumbered and Unknown. The underlying licenses are, for example, MIT, Apache, BSD, GNU GPL, LGPL, MPL, etc.
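The following is an added example, not the product's own code, showing how the top-panel counts (Open Source Libraries, Risk Distribution, License Distribution) and the Mean Time to Repair column can be reproduced from a component list such as one exported from an SBOM. The SPDX-identifier-to-category mapping is an assumption (it follows the google/licenseclassifier conventions), not the vendor's ruleset, and the per-library risk status is simply taken as reported by the scanner; the component list itself is constructed for the example.

```python
"""Rebuild the OSS Risk top-panel counts from a component list.

Added example, not the product's code. The license mapping below is an
assumption (google/licenseclassifier conventions); the risk status per
library is used as reported by the scanner, not recomputed here.
"""
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Least to most restrictive; Unknown last so an unassessed term dominates an AND.
ORDER = ["Unencumbered", "Permissive", "Notice", "Reciprocal",
         "Restricted", "Forbidden", "Unknown"]
RANK = {cat: i for i, cat in enumerate(ORDER)}

# Assumed SPDX identifier -> category table (illustrative, not the page's own).
LICENSE_CATEGORY: Dict[str, str] = {
    "AGPL-3.0-only": "Forbidden", "CC-BY-NC-4.0": "Forbidden",
    "GPL-2.0-only": "Restricted", "GPL-3.0-only": "Restricted",
    "LGPL-2.1-only": "Restricted", "LGPL-3.0-only": "Restricted",
    "MPL-2.0": "Reciprocal", "EPL-2.0": "Reciprocal", "CDDL-1.0": "Reciprocal",
    "MIT": "Notice", "Apache-2.0": "Notice", "BSD-3-Clause": "Notice",
    "ISC": "Notice", "Unlicense": "Unencumbered", "CC0-1.0": "Unencumbered",
}


def classify_license(expr: Optional[str]) -> str:
    """Map an SPDX expression to one of the seven License Type buckets.

    'A OR B': the consumer may pick the least restrictive alternative.
    'A AND B': every term applies, so the most restrictive one governs.
    'GPL-2.0+' and 'GPL-2.0-or-later' are folded onto the '-only' entry.
    Parenthesised expressions are out of scope and resolve to Unknown.
    """
    if not expr or not expr.strip():
        return "Unknown"
    expr = expr.strip()
    if " OR " in expr:
        return min((classify_license(p) for p in expr.split(" OR ")), key=RANK.__getitem__)
    if " AND " in expr:
        return max((classify_license(p) for p in expr.split(" AND ")), key=RANK.__getitem__)
    if expr.endswith("+"):
        expr = expr[:-1] + "-only"
    elif expr.endswith("-or-later"):
        expr = expr[: -len("-or-later")] + "-only"
    return LICENSE_CATEGORY.get(expr, "Unknown")


@dataclass
class Component:
    name: str
    license_expr: Optional[str]
    risk_status: str            # as reported: Apocalypse, Critical, High, Medium, Low, Unknown
    cve_count: int
    # (opened, closed) timestamps of reported issues; closed is None while open.
    issues: List[Tuple[datetime, Optional[datetime]]] = field(default_factory=list)


def mean_time_to_repair(issues: List[Tuple[datetime, Optional[datetime]]]) -> Optional[timedelta]:
    """Average open-to-close duration over closed issues; None if nothing is closed yet."""
    durations = [closed - opened for opened, closed in issues if closed is not None]
    if not durations:
        return None
    return sum(durations, timedelta()) / len(durations)


def license_distribution(components: List[Component]) -> Counter:
    return Counter(classify_license(c.license_expr) for c in components)


def risk_distribution(components: List[Component]) -> Counter:
    return Counter(c.risk_status for c in components)


def top_panel(components: List[Component]) -> Dict[str, object]:
    """The three figures shown in the top panel of the OSS Risk page."""
    return {
        "Open Source Libraries": len(components),
        "Risk Distribution": dict(risk_distribution(components)),
        "License Distribution": dict(license_distribution(components)),
    }


def _day(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample inventory (hypothetical component names and statuses).
SAMPLE: List[Component] = [
    Component("left-pad", "MIT", "Low", 0),
    Component("some-orm", "GPL-2.0+", "High", 3,
              [(_day("2024-01-01"), _day("2024-01-11")), (_day("2024-02-01"), _day("2024-02-21"))]),
    Component("dual-lib", "MIT OR GPL-3.0-only", "Medium", 1),
    Component("widget", "Apache-2.0 AND LGPL-2.1-only", "Medium", 1),
    Component("mystery", None, "Unknown", 0),
    Component("db-client", "AGPL-3.0-or-later", "Critical", 5, [(_day("2024-03-01"), None)]),
]

if __name__ == "__main__":
    for key, value in top_panel(SAMPLE).items():
        print(f"{key}: {value}")
    for c in SAMPLE:
        print(f"{c.name:10} {c.risk_status:8} CVEs={c.cve_count} "
              f"MTTR={mean_time_to_repair(c.issues)} license={classify_license(c.license_expr)}")
```

Two points worth noting when adapting this to real inventory data: a component whose license string cannot be resolved lands in Unknown rather than in a permissive bucket, so an empty or unparsed field is never silently treated as safe, and the AND/OR handling means a dual-licensed package is counted under the alternative you would actually choose to comply with, while a compound license counts under its most restrictive term.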
