Dependencies and SBOMs
Monitor your dependencies
The Dependencies view lists all the direct and transitive dependencies found across your codebase. Direct dependencies are the ones declared in your own code or manifests, while transitive dependencies are pulled in by other dependencies.
For each dependency, the view also shows the number of sources that introduce it and the open incidents related to that version. This helps you see which dependencies you rely on the most and where to prioritize remediation efforts. The view also shows the license of each dependency, together with its license type:
- Copyleft licenses require that any software using the licensed dependency be distributed under the same license, which can put your own proprietary code at risk. You may find additional information on Wikipedia.
- Permissive licenses allow modified software to be distributed under different terms.
Please note that some licenses fall outside both of those categories and are identified as Uncategorized.
Generate SBOMs
You can generate a Software Bill of Materials (SBOM) for one or several sources. All SBOMs are generated in the CycloneDX format. This capability is offered by:
- The Sources view:
  - Directly from the top-right call-to-action, where you can select several sources and decide whether to generate one file per repository or combine them into a single file.
  - Using the bulk actions: select the sources, then click the Generate bulk action button.
  - Or from the information panel of a single source.
- The Dependencies view, using the same call-to-action as in the Sources view.
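As an added example (not part of this page and not the product's own code), the following Python script reads CycloneDX JSON SBOMs of the kind generated above and rebuilds the information the Dependencies view presents: which dependencies are direct versus transitive, a Copyleft / Permissive / Uncategorized license category, and the number of sources each dependency is introduced in. The two SBOMs embedded in it are constructed for the example, the SPDX-identifier-to-category mapping is an illustrative assumption rather than the product's license database, and the `acme-*` package names are hypothetical.

```python
"""Summarise CycloneDX JSON SBOMs the way a dependency inventory does: direct vs
transitive reach from the root component, licence category, and the number of
sources (SBOM files) each dependency appears in. Added example; assumptions are
marked in comments."""
import json

# Illustrative SPDX identifier mapping (an assumption for this example, not the
# product's own licence database). Anything else is reported as "Uncategorized".
COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later",
            "AGPL-3.0-only", "AGPL-3.0-or-later", "LGPL-2.1-only", "LGPL-3.0-only"}
PERMISSIVE = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC", "0BSD"}

# Two constructed SBOMs, one per source. The acme-* packages are hypothetical.
SBOM_A = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "service-a", "type": "application", "name": "service-a"}},
  "components": [
    {"bom-ref": "pkg:pypi/requests@2.31.0", "type": "library", "name": "requests",
     "version": "2.31.0", "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"bom-ref": "pkg:pypi/urllib3@2.0.7", "type": "library", "name": "urllib3",
     "version": "2.0.7", "licenses": [{"license": {"id": "MIT"}}]},
    {"bom-ref": "pkg:pypi/charset-normalizer@3.3.2", "type": "library", "name": "charset-normalizer",
     "version": "3.3.2", "licenses": [{"license": {"id": "MIT"}}]},
    {"bom-ref": "pkg:pypi/acme-gpl-tool@1.0.0", "type": "library", "name": "acme-gpl-tool",
     "version": "1.0.0", "licenses": [{"license": {"id": "GPL-3.0-only"}}]}
  ],
  "dependencies": [
    {"ref": "service-a", "dependsOn": ["pkg:pypi/requests@2.31.0", "pkg:pypi/acme-gpl-tool@1.0.0"]},
    {"ref": "pkg:pypi/requests@2.31.0", "dependsOn": ["pkg:pypi/urllib3@2.0.7", "pkg:pypi/charset-normalizer@3.3.2"]}
  ]
}""")
SBOM_B = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "service-b", "type": "application", "name": "service-b"}},
  "components": [
    {"bom-ref": "pkg:pypi/urllib3@2.0.7", "type": "library", "name": "urllib3",
     "version": "2.0.7", "licenses": [{"license": {"id": "MIT"}}]},
    {"bom-ref": "pkg:pypi/acme-custom@0.1.0", "type": "library", "name": "acme-custom",
     "version": "0.1.0", "licenses": [{"license": {"name": "Acme Internal License"}}]}
  ],
  "dependencies": [
    {"ref": "service-b", "dependsOn": ["pkg:pypi/urllib3@2.0.7", "pkg:pypi/acme-custom@0.1.0"]}
  ]
}""")


def license_category(component):
    """Return (licence, category). CycloneDX licence entries are either
    {"license": {"id"|"name": ...}} or {"expression": "MIT OR GPL-2.0-only"};
    a compound expression is left Uncategorized rather than guessed."""
    entries = component.get("licenses") or []
    if not entries:
        return "unknown", "Uncategorized"
    if "expression" in entries[0]:
        return entries[0]["expression"], "Uncategorized"
    lic = entries[0].get("license", {})
    ident = lic.get("id") or lic.get("name") or "unknown"
    if ident in COPYLEFT:
        return ident, "Copyleft"
    if ident in PERMISSIVE:
        return ident, "Permissive"
    return ident, "Uncategorized"


def reachability(bom):
    """Split refs into direct (listed under the root's dependsOn) and transitive
    (reached only through another dependency) using the SBOM dependency graph."""
    root = bom["metadata"]["component"]["bom-ref"]
    graph = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    direct = set(graph.get(root, []))
    transitive, stack = set(), list(direct)
    while stack:
        for child in graph.get(stack.pop(), []):
            if child not in direct and child not in transitive:
                transitive.add(child)
                stack.append(child)
    return direct, transitive


def inventory(boms):
    """Merge SBOMs (one per source) into one table keyed by bom-ref, counting in
    how many sources each dependency is direct or transitive."""
    rows = {}
    for bom in boms:
        direct, transitive = reachability(bom)
        for comp in bom.get("components", []):
            ref = comp["bom-ref"]
            if ref not in rows:
                licence, category = license_category(comp)
                rows[ref] = {"name": comp["name"], "version": comp.get("version", ""),
                             "license": licence, "category": category,
                             "sources": 0, "direct_in": 0, "transitive_in": 0}
            rows[ref]["sources"] += 1
            if ref in direct:
                rows[ref]["direct_in"] += 1
            elif ref in transitive:
                rows[ref]["transitive_in"] += 1
    return rows


def copyleft_refs(rows):
    """Refs to review first for licensing risk, most widely used first."""
    return sorted((r for r, v in rows.items() if v["category"] == "Copyleft"),
                  key=lambda r: (-rows[r]["sources"], r))


def most_relied_on(rows):
    """Refs ordered by how many sources introduce them (remediation priority)."""
    return sorted(rows, key=lambda r: (-rows[r]["sources"], r))


if __name__ == "__main__":
    table = inventory([SBOM_A, SBOM_B])
    for ref in most_relied_on(table):
        row = table[ref]
        print(f"{row['name']}=={row['version']:<8} {row['category']:<13} {row['license']:<22} "
              f"sources={row['sources']} direct={row['direct_in']} transitive={row['transitive_in']}")
    print("Copyleft to review:", copyleft_refs(table))
```

The script assumes one SBOM file per source, each with a single root under `metadata.component`; a combined file covering several repositories is not handled by this example. Point it at the files generated from the Sources view (replace the embedded samples with `json.load(open(path))`) to cross-check the counts the Dependencies view shows, or to flag a copyleft dependency before it ships.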