
The Container Image Attribution Report

Overview

The Container Image Attribution Report, accessible via your Mend Platform’s main navigation, provides detailed information on the open-source packages used in your container images. It shows the package names, versions, licenses, and the specific projects where each package is utilized. This report helps you maintain compliance with open-source licensing requirements and ensures transparency in managing your containerized dependencies.

Getting it done

You can generate the report via the Reports page.

  1. Click the Reports button located in the top bar of the Mend Platform user interface.

  2. Click the Create button at the top-right edge of the Reports page.

  3. Select Container Image Attribution from the drop-down list of the Create Report wizard.

  4. Scope - Define the report's scope by specifying the application. You can refine the scope by selecting one or more projects within that application.

  5. Configuration - Specify the Report Name and Format (JSON/HTML).

  6. Group by - Determine how the report data is organized:
    a. Project: Groups the report data by project. All dependencies or components used within each project are listed under that project. This option is not yet available for selection.

    b. Package: Groups the report data by package. Each package or dependency is listed individually, showing where it's used across multiple projects.

  7. Advanced - Add a Report Footer and Report Header to your report.

  8. Click Create.

Understanding the Container Image Attribution Report

The Container Image Attribution Report provides an overview of the open-source packages included in your container images. It tracks each package's licenses, versions, usage, and key details.
Example of the report in table format:

| Package Name       | Package Version | Application | Projects       | Licenses       |
|--------------------|-----------------|-------------|----------------|----------------|
| python3-dbus       | 1.2.4-15.el8    | AW-Test     | [redhat_ubi8]  | [MIT]          |
| libassuan          | 2.5.1-3.el8     | AW-Test     | [almalinux, re | [GPL-3.0+, LG] |
| basesystem         | 11-5.el8        | AW-Test     | [almalinux, red| [Public Domain]|

Example breakdown:

  • Package Name: The name of each open-source library or package included in the container image.

  • Package Version: The version of the package currently in use within the container.

  • Application: The application or product associated with the container image.

  • Projects: Lists the specific projects within the application using the package.

  • Licenses: The license or licenses under which the package is distributed.
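
One way to turn these columns into a license review, as an added example that is not Mend's code or part of the original page: it reads rows laid out like the table above (not the JSON export, whose schema this page does not show), checks each package's licenses against a hypothetical allow-list, and flags cells the display has cut off so they are not signed off on partial data.

```python
# Added example: reads rows laid out like the table above (not Mend's JSON export).
SAMPLE = """\
| Package Name       | Package Version | Application | Projects       | Licenses       |
|--------------------|-----------------|-------------|----------------|----------------|
| python3-dbus       | 1.2.4-15.el8    | AW-Test     | [redhat_ubi8]  | [MIT]          |
| libassuan          | 2.5.1-3.el8     | AW-Test     | [almalinux, re | [GPL-3.0+, LG] |
| basesystem         | 11-5.el8        | AW-Test     | [almalinux, red| [Public Domain]|
"""  # rows copied from the page's example table

ALLOWED = {"MIT", "Public Domain"}  # hypothetical policy allow-list


def parse_list(cell):
    """Split a '[a, b]' cell; a missing ']' is taken to mean the display cut it off."""
    cell = cell.strip()
    items = [i.strip() for i in cell.strip("[]").split(",") if i.strip()]
    return items, not cell.endswith("]")


def parse_report(text):
    """Return one dict per data row, keyed by the header names."""
    lines = [l.strip().strip("|") for l in text.splitlines() if l.strip().startswith("|")]
    header = [h.strip() for h in lines[0].split("|")]
    rows = []
    for line in lines[1:]:
        cells = [c.strip() for c in line.split("|")]
        if all(set(c) <= set("-:") for c in cells):
            continue  # header separator row
        row = dict(zip(header, cells))
        row["truncated"] = []
        for col in ("Projects", "Licenses"):
            row[col], cut = parse_list(row[col])
            if cut:
                row["truncated"].append(col)
        rows.append(row)
    return rows


def review(rows, allowed):
    """List (package, issue, detail) findings for a compliance reviewer."""
    findings = []
    for r in rows:
        bad = [lic for lic in r["Licenses"] if lic not in allowed]
        if bad:
            findings.append((r["Package Name"], "license-not-allowed", bad))
        if r["truncated"]:
            # Incomplete cell: check the full report before signing off.
            findings.append((r["Package Name"], "truncated-cell", r["truncated"]))
    return findings
```
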
