
UI - What are 'Requires Review' libraries?

What is the meaning of libraries marked as ‘Requires Review’ and in what cases can these appear?

Answer: The ‘Requires Review’ slice indicates all components for which a license was not found.
There are several possible reasons for a component to be marked ‘Requires Review’ (RR):

  1. In-house component (not Open Source)

  2. Commercial code – 3rd party components

  3. A file that has been modified or recompiled (the SHA-1 signature changes and a match cannot be found in the Mend OSS database)

  4. A component which was downloaded from a repository we do not scan
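Reason 3 in practice, as an added example that is not Mend's code or matching algorithm: rebuilding a JAR from identical contents still changes its file-level SHA-1, because archive metadata such as entry timestamps is part of the hashed bytes. The archives, file names and the `triage` helper below are constructed for illustration, and the reference artifact is assumed to be the copy published upstream.

```python
import hashlib
import io
import zipfile

def build_archive(files, timestamp):
    """Build an in-memory zip (a JAR is a zip) with a fixed entry timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            info = zipfile.ZipInfo(name, date_time=timestamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, files[name])
    return buf.getvalue()

def file_sha1(data):
    """SHA-1 over the whole file, the kind of signature reason 3 refers to."""
    return hashlib.sha1(data).hexdigest()

def entry_digests(data):
    """SHA-1 of each entry's uncompressed content, ignoring archive metadata."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: hashlib.sha1(zf.read(n)).hexdigest() for n in zf.namelist()}

def triage(local, reference):
    """Classify a local artifact against the upstream reference copy."""
    if file_sha1(local) == file_sha1(reference):
        return "identical"    # file hash matches the reference
    if entry_digests(local) == entry_digests(reference):
        return "repackaged"   # same contents, rebuilt: file hash differs
    return "modified"         # contents differ from upstream

# Constructed sample data (not real library contents).
FILES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "com/example/Util.class": b"constructed-bytecode-v1",
}
UPSTREAM = build_archive(FILES, (2020, 1, 1, 0, 0, 0))
REBUILT = build_archive(FILES, (2024, 6, 1, 12, 0, 0))
PATCHED = build_archive(
    {**FILES, "com/example/Util.class": b"constructed-bytecode-v2"},
    (2020, 1, 1, 0, 0, 0),
)

if __name__ == "__main__":
    for label, artifact in [("upstream", UPSTREAM), ("rebuilt", REBUILT), ("patched", PATCHED)]:
        print(label, file_sha1(artifact), triage(artifact, UPSTREAM))
```

A "repackaged" result points to a rebuilt copy of a known library, while "modified" means the contents themselves differ from upstream.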

What should I do with libraries marked as ‘Requires Review’?*

  1. Flag as In-House - This will immediately and automatically remove the components from all Mend reports, other than the In-House report and the In-House section in the Admin tab. This can be done manually or by creating rules. You can find more information here regarding 'In House' Rules.

  2. (Optional) Assign a ‘Commercial’ license and add it to the whitelist.

  3. Assign the license yourself, if you know it.

  4. Submit a request to our Compliance and Security Team: they will find the relevant license and assign it to the library. This can be done by:

    1. Checking the relevant components in the Inventory

    2. Clicking Actions > Request Resolution.

*Please refer to the following article for some best practices related to this process:

Legacy Mend UI - Submitting a list of libraries for Mend to Review
