Component Info View
Visualization Chart
This chart shows the properties of the known versions of the selected component ordered from the oldest to the newest.
Clicking on any section in the visualization will display details for that specific version in the fields below the visualization.
Use the arrows to navigate the full range of available versions.
The heatmap colors represent the highest policy threat levels for each version, with no marker indicating no threat. The properties displayed include:
Field | Description |
---|---|
Popularity | The relative popularity of a version as compared to the other versions of this component. |
Policy Threat | the aggregate of all policy types |
Security | security violation policies (known CVEs, Suspicious, or Malicious threat) |
License | licensing violation policies |
Quality | architectural policies from the component metadata |
Other | policy constraints outside of those covered above |
The represented values for the heatmap colors are as follows:
For Popularity
Grey - any versions older than the current version.
Green - newer, but within the same major version of the component.
Blue - newer component versions, but with a greater major version than the current component.
For Policy Threat
Blue - no risk
Yellow - minor risk
Orange - medium risk
Red - high risk
Version Details
Some of the known metadata of a specific component version is displayed along with access to further features:
Field | Description |
---|---|
Component Identifier | ecosystem-specific fields for grouping and naming the component |
Version | currently selected version |
Overridden License | chosen license to use |
Declared License | specific license declared in the versions manifest |
Observed License | licenses found in a source code |
Highest Policy Threat | highest threat level violation found |
Highest CVSS Score | score of the highest security issue |
Cataloged | age of the component listed in the repository |
Identification Source | the source of the available metadata |
Website | link to the project's website when available |
View Details | button to display the details of the selected component |
Migrate to Selected | modify the source code to reference the new version |
Recommended Versions
Provides suggestions for later versions of the selected component that do not violate the same policies as the current version.
The version hyperlink will display that version's metadata in the right-hand list of properties.
Note
No recommendations are provided if there are no newer versions of the selected component that would not have policy violations.