The Dependencies Due Diligence Report
Overview
The Dependencies Due Diligence Report, accessible via your Mend Platform’s main navigation, provides a detailed view of the open-source libraries used across selected projects within an application, including their risk scores and licenses.
Getting it done
There are two ways to generate a Dependencies Due Diligence Report.
Via the Reports page.
Via the Mend API 3.0 Reports section.
Generate the report using the Mend Platform
You can generate the report via the Reports page.
Click the Reports button located in the top bar of the Mend Platform user interface.
Click the Create button at the top-right edge of the Reports page.
Select Dependencies Due Diligence from the drop-down list of the Create Report wizard.
Scope - Define the report's scope by specifying the application. You can refine the scope by selecting one or more projects within that application.
Configuration - Specify the Report Name and Format (JSON/XML).
Notification - Get notified by email when the report is ready by selecting the Send me an email notification when this report is ready checkbox.
Click Create.
Generate the report using the Mend API
For details on generating the Dependencies Due Diligence Report via API, refer to our Mend API 3.0 page.
Understanding the Dependencies Due Diligence Report
The Dependencies Due Diligence Report provides comprehensive details on each license and associated libraries.
Example of the report in a table format:
| Type | Risk Score | Library | Reference | Copyright | Download Link | Homepage | Package URL | Author | Project Name | Product Name | Reference Type | License | All References |
|-------------|------------|--------------------------------|---------------------------------------------------------------------------------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------|-----------------------------------|----------------------------------------------------------------------------------------------------|------------------------------------|--------------|---------------|----------------|----------------|----------------------------------------------------------------------------------------------------|
| Open Source | 65 | jboss-as-remoting-7.0.2.Final.j| https://index.mend.io/gri/app/reader/resource/content/asString/1bf4c983-4eda-4b2c-892b-61994f7a4bc| 2010 Copyright 2010 Red Hat, Inc., and individual con| https://repo.maven.apache.org/maven2/org/jboss/as/jboss-as-remoting/7.0.2.Final/jboss-as-remoting | http://www.jboss.org/ | https://repo.maven.apache.org/maven2/org/jboss/as/jboss-as-remoting/7.0.2.Final/jboss-as-remotin | JBoss, a division of Red Hat, Inc. | Demo Data | Demo Product | POM file | LGPL 2.1 | https://index.mend.io/gri/app/reader/resource/content/asString/1bf4c983-4eda-4b2c-892b-61994f7a4bca|
| Open Source | 39 | xml-apis-2.7.1.jar | https://index.mend.io/gri/app/reader/resource/content/asString/7c65110b-ed61-42ef-9589-122091bf9be| 1999 Copyright 1999 Sun Microsystems,IBM Corporation | https://nexus.opendaylight.org/content/groups/public/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.j| http://xml.apache.org/xerces2-j/ | https://nexus.opendaylight.org/content/groups/public/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.po| Sun Microsystems, World Wide Web Co| Demo Data | Demo Product | POM file | Apache 2.0 | https://index.mend.io/gri/app/reader/resource/content/asString/7c65110b-ed61-42ef-9589-122091bf9beb|
| Open Source | 78 | neo4j-udc-1.8.1.jar | https://index.mend.io/gri/app/reader/resource/content/asString/a741568f-8f5e-4a95-afed-a069db4ad3c| 2002-2012 Copyright 2002-2012 Network Engine for Obj | https://repo.maven.apache.org/maven2/org/neo4j/neo4j-udc/1.8.1/neo4j-udc-1.8.1.jar | http://components.neo4j.org/neo4j | https://repo.maven.apache.org/maven2/org/neo4j/neo4j-udc/1.8.1/neo4j-udc-1.8.1.pom | The Neo4j Graph Database Project | Demo Data | Demo Product | POM file | GPL 3.0 | https://index.mend.io/gri/app/reader/resource/content/asString/a741568f-8f5e-4a95-afed-a069db4ad3c9|
Example breakdown:
Type: Whether the library is open source.
Risk Score: The risk score associated with the dependency.
Library: The name and version of the library.
Reference: A link to the library's reference file (its type is given in the Reference Type column).
Copyright: Copyright information.
Download Link: A link to download the library.
Homepage: The official homepage for the library.
Package URL: A link to the package in its repository (in the example above, the POM file in the Maven repository).
Author: The entity responsible for the library.
Project Name: The name of the project.
Product Name: The name of the application.
Reference Type: Type of reference file.
License: Name of the license under which the library is distributed.
All References: A link to the reference and the reference file type.
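As an added example (not part of the Mend documentation or product), a short Python script that triages a JSON export of this report by its Risk Score and License columns, so review starts from the dependencies most likely to need attention. The JSON key names, the risk threshold and the sample rows are constructed assumptions for this example; the export schema is not shown on this page.

```python
"""Triage a Dependencies Due Diligence export: flag copyleft licences and
high risk scores so review starts from the riskiest dependencies."""
import json

# Constructed sample shaped like the report table above; the JSON key names
# are an assumption for this example, not Mend's documented schema.
SAMPLE_REPORT = json.dumps([
    {"riskScore": 78, "library": "neo4j-udc-1.8.1.jar", "license": "GPL 3.0"},
    {"riskScore": 39, "library": "xml-apis-2.7.1.jar", "license": "Apache 2.0"},
    {"riskScore": 12, "library": "tiny-util-1.0.0.jar", "license": "MIT"},
    {"riskScore": 65, "library": "shared-lib-2.3.0.jar", "license": "LGPL 2.1"},
])

# Licence names as written in the report's License column, grouped by the
# obligation class a reviewer cares about.
STRONG_COPYLEFT = {"GPL 2.0", "GPL 3.0", "AGPL 3.0"}
WEAK_COPYLEFT = {"LGPL 2.1", "LGPL 3.0", "MPL 2.0", "EPL 2.0"}


def license_class(name):
    if name in STRONG_COPYLEFT:
        return "strong-copyleft"
    if name in WEAK_COPYLEFT:
        return "weak-copyleft"
    return "permissive-or-unknown"


def triage(report_json, risk_threshold=70):
    """Findings for libraries that are copyleft or reach the risk threshold, riskiest first."""
    findings = []
    for entry in json.loads(report_json):
        reasons = []
        if entry["riskScore"] >= risk_threshold:
            reasons.append(f"risk score {entry['riskScore']} >= {risk_threshold}")
        cls = license_class(entry["license"])
        if cls != "permissive-or-unknown":
            reasons.append(f"{entry['license']} is {cls}")
        if reasons:  # permissive, low-risk entries are left out
            findings.append({"library": entry["library"], "riskScore": entry["riskScore"],
                             "license": entry["license"], "reasons": reasons})
    findings.sort(key=lambda f: f["riskScore"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f['library']:24} {f['license']:11} " + "; ".join(f["reasons"]))
```

Adjust the licence sets and threshold to your own policy; the script only reads the export, it does not call the Mend API.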