Skip to main content
Skip table of contents

The Inventory Report

Overview

The Inventory Report, sometimes referred to as a BOM (Bill Of Materials), enables you to view detailed information about all open source libraries in an account. It provides a description of the library function, its assigned licenses, the library match type, and the number of instances in which the library is used in the organization. In this report, you can also set attribute values for specific libraries, mark them as In-House, add them to the list of Whitelist libraries approved by your company, and more.

Accessing the Report

  1. From the main menu, select Reports > Inventory. The Inventory Report page is displayed.

  2. Select the scope for which the report should be created. The default scope is Organizational; however you can select any individual product and/or project for your data scope from the dropdown menus next to the report name. Do as follows:

    1. Open the All Products dropdown menu and select the product on which you want to base the report. 

    2. If you want to base the report on specific projects, open the All Projects dropdown menu and select one or multiple projects in the selected product.

    3. Click Apply and wait for the data to load into the report table.

  3. To further filter the report in order to view library properties with a specific value, do the following:

    1. Expand the Filter area, select a property from the By dropdown menu, and enter a Value by which to filter.
      The property options are: Library Name (default), Type, Description, Licenses, and Occurrences.

    2. Click Filter.

The Inventory Report is generated.

Understanding the Report Data

The Inventory Report provides the following columns of information per library:

  • Library Name: Standard name of the library.

  • Group: ID of the group to which the library belongs, as listed in the Library details. NOTE: This information is available only in the exported output file.

  • Artifact: ID of the Artifact repository manager of the library, as listed in the Library details. NOTE: This information is available only in the exported output file.

  • Version: The version of the library as listed in the Library details. NOTE: This information is available only in the exported output file.

  • Type: Denotes if it is a source library.

  • Description: Short functional description of the library.

  • Licenses: Licenses associated with the library.

  • Match Type: Can be one of the following:

    • Exact match: Library was matched by SHA-1 checksum.

    • Best match: Source file was matched by SHA-1 checksum; library assigned to a source library by best match.

    • Filename match: Library could not be matched by SHA-1 checksum but matched the filename.

    • Suspected match: Library match is expected and will be updated with the exact match.

    • Purple ā€œUā€: The library wasn't recognized during the scan. This is most likely due to it being a third-party library.

  • Purl: The package URL of the library. NOTE: This information is available only in the exported output file.

  • Occurrences: Number of all instances in which the library is used in any project in the organization. You can click the details link to see the name of the project(s) and their associated product names.

  • NOTE: You can sort the data in ascending or descending order by clicking on any of the above column titles.

Performing Actions on the Report

From the Actions dropdown menu, you can perform the following actions on a selected library or multiple selected libraries:

  • Set Attribute Value: Select an attribute and assign it a value that will be applied to all the selected libraries in the organization.

  • Mark as In-House: Mark the selected libraries as In-House libraries. You also have the option to mark all instances of the selected libraries as In-House libraries.

  • Add to Whitelist: Add the selected libraries to the Whitelist libraries approved for usage by your company.

  • Assign License: Assign a license to the selected libraries from the License dropdown list. Enter a Liability Reference to explain why you chose this license and optionally, enter any additional comments. In License Text (Optional), you can manually override the text to your library's specific license text.

  • Request Resolution: Make a resolution request for the selected libraries according to License (default) and/or Copyright. Note that a resolution request only affects libraries which do not have assigned licenses or copyrights.

NOTE: You can apply an action on All the libraries in the report table simultaneously, by selecting the checkbox above the table in the column titles row, and then selecting the action.

Exporting the Report

To export the report, click the Export dropdown menu at the top right corner of the report, and select the required export format:

  • Excel

  • JSON

  • XML

The exported report will reflect the selected scope (global organization, organization, product, or project) and filters.

For examples of exported report types, see Working with Reports | Exporting-a-Report.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.