Libraries Missing a Location Path
This article explains the different causes for a library to be missing its location path inside the application UI.
In some cases, when a user enters a library’s details page, they will see that no associated system path is available for that library.
In some cases, the library path is unavailable only at the product level. This is because the library has multiple locations in different projects belonging to that product. When the library details page is opened from the project page instead, the library will have the associated location path.
Possible causes for missing location path:
Filename match - Sometimes the absence of the library location is accompanied by an indication that the library has been matched by filename. This may suggest that the library was not downloaded in the scan or was deleted from the project before the scan was initiated. The library is then missing from the local cache while still being referenced in the project dependencies. As a result, Mend will not find the associated SHA1 identification to match by or the location path to print.
A possible solution is to build the project prior to the scan and make sure that the library in question is available in the local cache.
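A pre-scan check for the filename-match case above, added here as an example (not Mend's code or matching logic): it walks a local cache directory, reports declared artifacts that are not on disk, and computes the SHA-1 of those that are. The artifact names, cache layout and file content are constructed assumptions.

```python
import hashlib
import os
import tempfile


def sha1_of(path, chunk=1 << 16):
    """Stream a file through SHA-1, the digest type the article names for matching."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_cache(expected_files, cache_root):
    """Map each expected artifact filename to [(path, sha1), ...] found under cache_root.

    An empty list means the artifact is declared but not present on disk.
    """
    found = {name: [] for name in expected_files}
    for dirpath, _dirs, files in os.walk(cache_root):
        for name in files:
            if name in found:
                full = os.path.join(dirpath, name)
                found[name].append((full, sha1_of(full)))
    return found


def missing(report):
    """Names of declared artifacts with no file in the cache."""
    return sorted(name for name, hits in report.items() if not hits)


def demo():
    """Constructed sample: a throwaway cache holding one of two declared artifacts."""
    with tempfile.TemporaryDirectory() as cache:
        os.makedirs(os.path.join(cache, "org", "example"))
        with open(os.path.join(cache, "org", "example", "present-1.0.jar"), "wb") as fh:
            fh.write(b"abc")  # constructed content, not a real library
        return check_cache(["present-1.0.jar", "absent-2.3.jar"], cache)


if __name__ == "__main__":
    report = demo()
    for name, hits in report.items():
        for path, digest in hits:
            print(f"OK       {name}  sha1={digest}  {path}")
    for name in missing(report):
        print(f"MISSING  {name}  (build the project before scanning)")
```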
System packages - The UA scan can include system packages. These packages do not have an associated path since they were scanned from the installed list of the operating system. Mend parses the installed packages from the operating system log and commands; therefore, no SHA1 check can be performed on a "physical" library.
Examples of system packages: deb, rpm, apk, udeb, pkg.tar.xz
PHP packages - Mend does not provide a library location path for PHP packages. As the binaries will not be available, the scan will calculate the additionalSHA1 and a location path will not be provided (since the packages are not actually present on the system).
Library detected by a package manager - A library might be missing its path because it's detected by Mend via a package manager. In general, dependencies (transitive and even direct ones) are not necessarily picked up from the filesystem and not all of them have a permanent location in the filesystem.
If a package manager is used in the scan, there's a chance a certain package (which is a dependency for the project) will be listed by the package manager as a dependency, and Mend will use its coordinates to retrieve its SHA1 and present it in the project inventory. This does not indicate, however, that there's a permanent location on the filesystem from which it was picked up. As a result, the library will have an ‘exact match’ type but the location will be empty in the application UI.