What is the meaning of libraries marked as ‘Requires Review’ and in what cases can these appear?
Answer: The ‘Requires Review’ slice indicates all components for which a license was not found.
There are several possible reasons for a component to be marked ‘Requires Review’ (RR):
- In-house component (not open source)
- Commercial code (3rd-party components)
- A file that has been modified or recompiled (the SHA-1 signature changes, so a match cannot be found in the Mend OSS database)
- A component that was downloaded from a repository we do not scan
What should I do with libraries marked as ‘Requires Review’?*
- Flag as In-House: this immediately and automatically removes the components from all Mend reports, other than the In-House report and the In-House section in the Admin tab. This can be done manually or by creating rules. You can find more information here regarding 'In-House' rules.
- (Optional) Assign a ‘Commercial’ license and add the library to the whitelist.
- Assign the license yourself, if you know it.
- Submit a request to our Compliance and Security Team: they will find the relevant license and assign it to the library. This can be done by:
  - Checking the relevant components in the Inventory
  - Clicking Actions > Request Resolution
*Please refer to the following article for best practices related to this process:
Legacy Mend UI - Submitting a list of libraries for Mend to Review