Understanding the Library Details Page
Overview
This page describes the Library Details page, its features, and its capabilities.
Accessing the Library Details Screen
To access the Library Details screen, do as follows:
From any Product/Project screen (accessed from the Products or Projects menu), in Libraries, double-click the library whose details you want to view. The Library Details screen is displayed.
Click the following tabs to see details about:
General Info
Alerts
Attributes & Notices
Versions & Trends
Aggregated Data
General Info
The General Info tab displays the following:
General Information: Group ID, Artifact ID, Version, etc.
Copyrights: View the copyright. Assign a copyright or leave it blank.
Licenses: License name/liability reference, etc. See Changing a Library's License.
More Info: More information about the library, such as links to the library's home page, developers' information, and so on.
If the library is marked as “Matched by filename” and the “library found in” field is empty, this indicates that the Unified Agent was not able to find the library’s artifacts and calculate its SHA-1 value. For more information, see Why Is the Dependency Location for My Library Blank? (Knowledge Base).
To access the list of library types visible in Mend, see Library types in Mend SCA.
Alerts
The Alerts tab displays the Library Alerts view within the relevant context (organization, product or project). It provides all the alerts regarding the specific library, such as Policy violations, Vulnerabilities, New available version, and so on.
Attributes & Notices
The Attributes & Notices tab displays the following:
Custom Attributes: Documenting usages of this library in your project or the home page for the library.
Notices: General comments on the library.
Versions & Trends
The Versions & Trends tab displays the following:
Known Versions: View any known versions of the library. In addition, you can compare the current and older versions of the library.
Vulnerability: View library security trends for a specific library across different versions, color-coded according to severity (red, orange, or yellow). Do any of the following:
In Versions, expand a library's version for general information about its security history across different versions. This information contains a link to the library's CVE page.
Filter a version for high, medium, or low severities, or no vulnerabilities at all. To do so, click the version's selector icon and select the required filter.
Aggregated Data
The Aggregated Data tab displays vulnerabilities, licenses, policies, violations and library information for the dependent libraries. Users must select the product and project scope first. This information is unique: each combination of vulnerability and library is displayed just once, and the same applies to violations and licenses.
Aggregated Licenses: Displays aggregated data for licenses for direct and transitive dependencies. The number in parentheses displays the aggregated number of licenses.
Aggregated Policies: Displays aggregated policy violations data per project, with policy name, library, and creation date. The number in parentheses displays the aggregated policies data.
Aggregated Library Vulnerabilities: Displays aggregated direct and transitive vulnerability information for the library. The number in parentheses displays the aggregated library vulnerability data.
Aggregated Library Data: Displays aggregated dependencies data.
Additionally, context-based selection is available, depending on how the user arrived at the screen:
If the user arrived from the Project page, the product and project are selected.
If the user arrived from the Product page, the current product and the last viewed project are selected.
If the user arrived from a general view (i.e., a report or search, without a context), the last viewed product and project are selected.
Additional Functionality
Impact Analysis
To access Impact Analysis, click View Impact Analysis next to the library's name at the top of the screen.
Impact Analysis provides better control of the libraries you use and a greater understanding of the popularity of each library. You can view how the library is being used within your organization: in which projects it is used, whether it is a direct or transitive dependency, and which project has the library as a dependency and under which library.
Dependency Path
To see the full dependency tree path that led to the library, from the Impact Analysis screen, click Dependency Path.