Table of Contents |
---|
Components Inventory
If you are a developer, you most probably will access to build systems where external components are “identified”.
...
Info |
---|
Kiuwan Insight analyzes your application software, discovering all external dependencies, and builds a Components Inventory that lets you track of any external piece of code that could be part of your application. |
Supported languages and resources
Info |
---|
Kiuwan Insights uses the following resources to extract information on 3rd party dependencies. |
...
Info |
---|
Components Inventory is accessible trough Insights >> Components tab. |
Insights >> Components
Insight >> Components tab displays Components Inventory:
- Overall Information on Components – aggregated information on number and type of components
- List of Components – detailed listing of components
- Component detail – detailed information on selected component
Overall Information on Components
- Number of components by language
- Number of components by Security Risk level (High, Medium, Low and None)
- Alerts :
- Components with High Security Risk
- Components being used with different versions that might be cause conflicts
- Etc.
List of Components
Kiuwan Insights provides a full listing of all those components being used by your application.
...
- Component name and description
- Used version(s)
- Its filename (i.e. physical container) (.jar, .dll, .js, etc)
- Programming language
- Obsolescence risk (see Obsolescence Risk )
- License risk (see XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
- Security risk (see XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
Security risk
Info | ||
---|---|---|
| ||
A component’s Security Risk is based on CVSS v2 Base Scores (Severities) of its vulnerabilities:
|
Please visit XXXXXXXXXXXXXXXXX for further information on CVSS v2 Base Scores (Severities) of vulnerabilities.
Obsolescence risk
Info | ||
---|---|---|
| ||
A component’s Obsolescence Risk is a measure of the risk level relative to:
Both values are combined in the Obsolescence Risk to provide a value of the risk associated to using outdated or “dead” components. |
Please visit XXXXXXXXXXXXXXXXX for further information on Obsolescence.
License risk
Info | ||
---|---|---|
| ||
A component’s License Risk is a measure of the risk level relative to legal implications of used components’ licenses. |
...
Please visit XXXXXXXXXXXXXXXXX for further information on Licenses.
Component details
By clicking on a component, you will have access to the following information:
- Description of the component
- License of the component
- Found vulnerabilities of the selected component:
- CVE identifier, and link to NIST National Vulnerability Database desc page
- CWE type, and link to MITRE Common Weakness Enumeration desc page
- Vulnerability description
- Severity (more on this at XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
Duplicated components
Info |
---|
With Kiuwan Insights you can identify different versions of the same component used by your application. |
...