This section
...
guides you through the functions of
...
Kiuwan Insights
...
.
Contents:
Table of Contents |
---|
Kiuwan Insights Dashboard:
Introduction to Kiuwan Insights
...
Many applications incorporate external open source and third-party components that
...
enable developers to build new functionality
...
Open Source repositories provide huge amounts of software that lets you build new applications very fast and robustly.
...
quickly and efficiently. But while the use of open source components has many benefits, it also introduces risk. Kiuwan Insights helps you manage this risk by providing answers to the key questions described below.
Info | ||
---|---|---|
| ||
|
...
|
...
|
...
|
Tip |
---|
Kiuwan Insights comes to answer all these questions by providing:
|
...
|
...
|
Components Inventory
Excerpt |
---|
Kiuwan Insight analyzes your application software, discovering all external dependencies, and builds |
...
a components inventory that lets you track any external piece of code that could be part of your application. Go |
...
to Insights |
...
> Components |
...
to access the components inventory. Supported languages and resourcesKiuwan Insights uses the following resources to extract information on 3rd |
...
party dependencies.
|
...
- Nuget
...
- Nuget (*.csproj, project.json, global.json, *.vbproj files)
|
...
...
|
...
- PyPI
- GitHub
...
- PyPI (setup.py files)
- Requirements (txt file with declared dependencies)
|
...
|
...
...
|
...
|
...
|
...
|
...
Maven (central or others configured in settings.xml or pom.xml files):
|
...
...
...
...
- pom.xml.
...
- Cocoapods
- GitHub
...
- Podspec (*.podspec, Podfile.lock files)
- Package (Package.swift files)
Repository Podspec in Github:
...
...
...
- podspec.json of the component.
...
- Packagist
...
- Composer (composer.json, composer.lock files)
|
...
|
...
...
|
...
|
...
|
...
|
...
- Ant (*.xml files)
- Maven (pom.xml files)
- Gradle (*.gradle and *.gradle.kts files)
|
...
|
...
Database vulnerabilities
From these sources, Kiuwan Insight builds the Components Inventory of your application.
You can add your specific private (local or remote) and/or public repositories by properly configuring Kiuwan Local Analyzer.
Please visit Insights - Additional Maven repositories for further information.
Security, Obsolescence, and Licensing
At a glance, Kiuwan Insights provides detailed information and visual indicators that quickly let you know the different levels of risk associated with every external component.
Every component is assigned a level (High, Medium, Low or None) on three different risk metrics:
- Security Risk (due to vulnerabilities introduced by components)
- Obsolescence Risk (due to using obsolete components)
- License Risk (due to legal implications of used components’ licenses)
...
Info |
---|
Security information is available at Insights > Security |
...
Obsolescence information is available at Insights > Obsolescence |
...
...
...