Introduction
...
- Security Risk (due to vulnerabilities introduced by components)
- Obsolescence Risk (due to using obsolete components)
- License Risk (due to legal implications of used components’ licenses)
Components Inventory
If you are a developer, you will most probably have access to build systems where external components are “identified”.
But are those 3rd party components part of a “controlled” inventory? Most probably not.
Info |
---|
Kiuwan Insight analyzes your application software, discovers all external dependencies, and builds a Components Inventory that lets you keep track of any external piece of code that could be part of your application. |
Supported languages and resources
Kiuwan Insights uses the following resources to extract information on 3rd party dependencies.
Supported languages | Supported repositories | Supported build systems |
---|---|---|
Java | | |
JavaScript | | |
.NET | | |
Python | | |
Swift | | |
PHP | | |
From these sources, Kiuwan Insight builds the Components Inventory of your application.
Info |
---|
The Components Inventory is accessible through the Insights >> Components tab. |
Insights >> Components
The Insights >> Components tab displays the Components Inventory:
- Overall Information on Components – aggregated information on number and type of components
- List of Components – detailed listing of components
- Component detail – detailed information on selected component
Overall Information on Components
- Number of components by language
- Number of components by Security Risk level (High, Medium, Low and None)
- Alerts:
  - Components with High Security Risk
  - Components being used with different versions that might cause conflicts
  - Etc.
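An added illustration (not Kiuwan's code or API) of how the aggregates listed above can be derived from a components inventory. The manifests and CVSS v2 scores are constructed, the severity bands are NVD's CVSS v2 ranges, and taking the worst severity per component is an assumption, since the page does not state Kiuwan's rule.

```python
import json
from collections import Counter

# Constructed manifests from two modules of one application (sample data).
PACKAGE_JSON_A = '{"dependencies": {"lodash": "4.17.4", "express": "4.16.0"}}'
PACKAGE_JSON_B = '{"dependencies": {"lodash": "3.10.1"}}'
REQUIREMENTS_TXT = "requests==2.18.0\n# pinned for CI\npyyaml==3.12\n"
# Constructed CVSS v2 base scores per (name, version); not real advisories.
CVSS_V2 = {("lodash", "3.10.1"): [7.5, 4.3], ("pyyaml", "3.12"): [5.0]}
LEVELS = ["None", "Low", "Medium", "High"]

def severity(score):
    """NVD qualitative bands for CVSS v2 base scores."""
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"

def parse_package_json(text):
    deps = json.loads(text).get("dependencies", {})
    return [("JavaScript", name, ver) for name, ver in deps.items()]

def parse_requirements(text):
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if "==" in line:  # only exact pins carry a usable version
            name, ver = line.split("==", 1)
            rows.append(("Python", name.strip().lower(), ver.strip()))
    return rows

def build_inventory(rows):
    inv = {}
    for lang, name, ver in rows:
        comp = inv.setdefault((lang, name), {"versions": set(), "risk": "None"})
        comp["versions"].add(ver)
        for score in CVSS_V2.get((name, ver), []):
            # Assumption: a component's risk is its worst vulnerability severity.
            comp["risk"] = max(comp["risk"], severity(score), key=LEVELS.index)
    return inv

def summarize(inv):
    return {
        "by_language": dict(Counter(lang for lang, _ in inv)),
        "by_risk": dict(Counter(c["risk"] for c in inv.values())),
        "high_risk": sorted(n for (_, n), c in inv.items() if c["risk"] == "High"),
        "multi_version": sorted(n for (_, n), c in inv.items() if len(c["versions"]) > 1),
    }

ROWS = (parse_package_json(PACKAGE_JSON_A) + parse_package_json(PACKAGE_JSON_B)
        + parse_requirements(REQUIREMENTS_TXT))
SUMMARY = summarize(build_inventory(ROWS))
print(SUMMARY)
```

Keying the inventory by (language, name) keeps a JavaScript and a Python package with the same name from being merged into one component.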
List of Components
Kiuwan Insights provides a full listing of all those components being used by your application.
For every 3rd party component, you will have access to detailed component information such as:
- Component name and description
- Used version(s)
- Its filename (i.e. physical container) (.jar, .dll, .js, etc.)
- Programming language
- Obsolescence risk (see XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
- License risk (see XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
- Security risk (see XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
Security risk
Info |
---|
A component’s Security Risk is based on CVSS v2 Base Scores (Severities) of its vulnerabilities: |
Please visit XXXXXXXXXXXXXXXXX for further information on CVSS v2 Base Scores (Severities) of vulnerabilities.
Obsolescence risk
Info |
---|
A component’s Obsolescence Risk is a measure of the risk level relative to:
Both values are combined in the Obsolescence Risk to provide a value of the risk associated with using outdated or “dead” components. |
Please visit XXXXXXXXXXXXXXXXX for further information on Obsolescence.
License risk
Info |
---|
A component’s License Risk is a measure of the risk level relative to legal implications of used components’ licenses. |
Please visit XXXXXXXXXXXXXXXXX for further information on Licenses.