Claiming a Component
Components with a match state of Similar
or Unknown
may be manually identified by claiming them. Claiming the component stores the identity information against that component's hash to avoid triggering the Component-Unknown policy.
The claim is applied globally so any other application being analysed will benefit from the claim. The component will have a match state of Exact
, and the Identification Source will be Manual
in future scans or re-evaluations.
Claiming components may also be done using the Component Claim REST API.
All unknown components may be claimed from any ecosystem. However, the claimed coordinates are limited to the Maven format.
Security information is matched against the component hash. Claiming a component does not pull security vulnerability data against a public component with that same namespace. However, it may pull in license information from the public component. When license data is not found for that namespace, the newly claimed component will violate the
License-None
policy.You will receive an error when claiming a component with coordinates already in use by another component.
Claiming from an Application Composition Report
Claiming a component requires a role with the "View IQ Elements" and "Claim Components" permissions.
Find a component in the report with a match state of Similar or Unknown
Select the component to navigate to the component details. You'll see an information box at the top of the page, as in the example below.
Select Claim Component. The Group_ID, Artifact_ID, Version, and Extension are mandatory.
Select Claim at the bottom right to save your work.
On re-evaluation, the component has a match state of Exact
and the Identification Source of Manual
.
Editing or Remove a Claim
To edit or remove a claim, select the claimed component and select the Claim tab on the Component Details Page. Use the red Revoke button at the bottom right to remove the claim or edit the fields and select Update to save your changes.