
View your Dependencies Inventory within your organization

Overview

As an AppSec Manager or Legal Manager, you review Applications and Projects along with their Dependencies Inventory findings. You can drill down into them to review their summaries, including License, License Risk, and Copyrights, and take actions such as marking a library as Proprietary or Commercial.

Getting It Done

View the Applications or Projects with Dependency Findings

  1. Navigate to the Applications/Projects view in the top menu bar.

  2. Ensure only the Dependency Scan engine is enabled. Click the Code Scan engine and Container Scan engine to disable them if they are not already disabled.

  3. Search for or select the Application/Project that you would like to view. You can sort by the number of Dependency Findings or Policy Violations. You will be redirected to that application's or project's summary page.

  4. Click SBOM in the left panel to view the SBOM view of your Dependencies Inventory within the Application/Project.

View the OSS List of your Application/Project

The default view of the SBOM view is the OSS List, where you can find all of the scanned Dependencies engine findings within an application, including the following information:

  • Library Name

  • Project Reference

  • Library Type

  • Dependency Type

  • License

  • License Risk

  • License Reference

  • Copyrights

  • Home Page

  • License Notice (if applicable)

Manual License Type assignment for Libraries

In the Dependencies Inventory view, you can also mark a library as Proprietary or Commercial. This provides more flexibility to manage your software inventory more precisely, ensuring better compliance and governance for both open-source and non-open-source libraries.

Note: Assigning a Proprietary or Commercial license to a library will override Mend’s license assignments at the organization level. You can revert to the original license assignment as detected by Mend.

Mark Library as Proprietary
  1. Select the Library you would like to mark as Proprietary.

  2. Click on the Actions button in the top right of the OSS List table.

  3. Select Mark as Proprietary. A pop-up window will show up and ask for a required comment.

  4. Click OK.

  5. To see the list of libraries that were marked as Proprietary, navigate to the Proprietary view in the upper table menu.

To revert an existing assignment, select the library and click Mark as Open Source in the top left corner.

Mark Library as Commercial

Note: A bulk operation is not currently supported.

  1. Select the Library you would like to mark as Commercial.

  2. Click on the Actions button in the top right of the OSS List table.

  3. Select Mark as Commercial. A pop-up window will show up and ask for a required comment.

  4. Click Mark as Commercial.

  5. To see the list of libraries that were marked as Commercial, navigate to the Commercial view in the upper table menu.

To revert an existing assignment, click the library name. You’ll be navigated to the Library Info page:

  1. Navigate to the Licenses section.

  2. Click Revert above the Commercial License section.

  3. Click OK in the pop-up window to revert back to Mend’s license assignment.
