Skip to main content
Skip table of contents

The Dependencies Inventory Report

Overview

The Dependencies Inventory Report, sometimes referred to as a BOM (Bill Of Materials), enables you to view detailed information about the dependencies in an Application or Project. It provides a description of the library function, its assigned licenses, the number of instances in which the library is used in the selected scope and more.

Getting it done

Generate the Dependencies Inventory Report via the Reports Page

  1. Click the Reports button located in the top bar of the Mend Platform user interface:

    image-20240719-091017.png

     

  2. Click the Create button (image-20240719-090655.png) located at the right edge of the Reports page.

  3. Select Dependencies Inventory from the drop-down list of the Create Report wizard:

    image-20240823-191744.png

  4. Scope - define the scope of the report by specifying the Application. You can also select the Project or projects within the application to include in the report.

    image-20240823-192550.png

  5. Configuration - Specify a name for your report and the desired format.

    image-20240823-192953.png

  6. Create - As with any report, you are given the option to get notified by email when the report is ready, by filling the Send me an email notification when this report is ready checkbox. Click Create to start the report creation process.

    image-20240719-095139.png

Download your Dependencies Inventory Report

At this stage, the report will be added to the list of reports on the main Reports page, allowing you to download it by clicking the Actions menu (image-20240823-193942.png) at the right edge of the screen followed by Download:

image-20240823-193857.png

Understanding the Report Data

The Inventory Report provides the following columns of information per library:

  • Name: Standard name of the library.

  • Group: ID of the group to which the library belongs, as listed in the Library details.

  • Artifact: ID of the artifact repository manager of the library, as listed in the Library details.

  • Version: The version of the library as listed in the Library details.

  • Type: Source libraries will be denoted as “Source Library”. For binary libraries, the programming language will be denoted (e.g. JavaScript).

  • SHA1: The SHA-1 checksum of the library.

  • Description: Short functional description of the library.

  • Licenses: Licenses associated with the library.

  • Match Type: Can be one of the following:

    • Exact match: Library was matched by SHA-1 checksum.

    • Best match: Source file was matched by SHA-1 checksum; library assigned to a source library by best match.

    • Filename match: Library could not be matched by SHA-1 checksum but matched the filename.

    • Suspected match: Library match is expected and will be updated with the exact match.

  • Purl: The package URL of the library.

  • Product: The name of the application selected in the scope settings.

  • Project: The name of the project which contains the library in question.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close