Dependency Tree
Users with IQ Server version 132 and above can access the Dependency Tree page. This view displays the Direct and Transitive components of the report as a dependency tree sorted by threat level.
Note
Note that the dependency tree is only available for npm, Maven, and applications with a CycloneDX SBOM that includes dependency information.
 |
Note
Note that older reports might not have the dependency info and need to be re-scanned (not re-evaluated).
Access the Dependency Tree
From the Application Composition Report, click the "View Dependency Tree" button above the Policy Violations Table.
 |
Additional Dependency Tree features
Sorting
Note
Threat level indicators match the threat level colors in the Application Composition Report.
Dependencies in the Dependency Tree are sorted (descending) according to the threat level within their nested level.
 |
 |
Filtering
Note
Note that the filter functionality is case-insensitive.
You can filter the Dependency Tree using a search term. The dependency tree will filter and all matches will be highlighted.
 |