The Due Diligence Report
Overview
The Due Diligence Report enables you to view due diligence information on each open-source library for the selected scope, in order to comply with appropriate legal requirements.
NOTE: A few closed-source licenses are still supported in order to avoid altering existing data.
Accessing the Report
From the main menu, select Reports > Due Diligence. The Due Diligence Report page is displayed.
Select the scope for which the report should be created. The default scope is Organizational; however, you can select any individual product and/or project for your data scope from the dropdown menus next to the report name. Do as follows:
Open the All Products dropdown menu and select the product on which you want to base the report.
If you want to base the report on specific projects, open the All Projects dropdown menu and select one or multiple projects in the selected product.
If you want to include a custom attribute in the report, open the Select Custom Attributes dropdown menu, select the attribute's context (Organizational, Product or Project), then select the custom attribute. A new column will be displayed in the table with the custom attribute's name as its title, and the value per library (if defined).
To further filter the report in order to view properties with a specific value, do the following:
Expand the Filter area, select a property and enter a value by which to filter.
Property options are: License (default), Risk, Library, Copyright, Project and Product.
Click Filter.
Select at least one License Type (by default, they are all selected):
Open Source
Closed Source
Unknown
Click Apply and wait for the data to load into the report table.
The Due Diligence Report is generated.
Understanding the Report Data
The Due Diligence Report provides the following columns of information:
License: The name of the license for the library
License Type: The type of license (Open Source, Closed Source, Unknown)
Risk: The license copyright risk score. For details, see Risk Score Attribution.
Library: Name of the open-source library. Click the library name to go to its Library Details page.
License Reference: Indicates where the license was found
Copyright: The range of years for the library's copyright
Homepage: Link to the homepage of the library
Author: Name of the author of the library
Project: The project where the library is used
Product: The product where the library is used
Custom Attribute: Displayed only if a custom attribute was selected in Select Custom Attribute in the scope area. For details, see Setting Custom Attributes.
Level: The level of the license, root or nested
Exporting the Report
To export the report, click the Export dropdown menu at the top right corner of the report, and select the required export format:
Excel
JSON
XML
The exported report will reflect the selected scope (organization, product, or project) and filters.
For examples of exported report types, see https://docs.mend.io/legacy-sca/latest/the-reports-menu#TheReportsMenu-ExportingReports.